@bekopharm Is this actual production code? It reads like a textbook example of a vulnerable file inclusion.

@jkb it is. identified ~1600 saved payloads already. Ongoing. …not my fault - I'm just doing the aftermath ;)

@l4p1n only if [s] really exists, but yeah ;-) Combined with a file upload vulberable (also there) it's basically a free ticket.

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!