不经意的遇到这个国外的CMS系统：XOOPS 2.2.6，google了下，版本比较老了，没发现有什么已知漏洞，于是下源码自己看，还是没发现有啥可以利用了，只不过看到了几个鸡肋，于是发出来。

XOOPS is a web application platform written in PHP for the MySQL database.Its object orientation makes it an ideal tool for developing small or large community websites, intra company and corporate portals, weblogs and much more. (Reference : http://www.xoops.org).

1.Local File Inclusion Vulnerabilities：

/*
works with:
magic_quotes_gpc = Off
*/

现在能遇到这个php配置的，简直可以去买彩票了，所以够鸡肋的。

Local File Include vulnerability found in scripts:
modules/system/admin....