Researcher: CraCkEr
http://www.milw0rm.com/exploits/9013
The source code for 0.7.8 says:
if (__FILE__ == $_SERVER['SCRIPT_FILENAME'])
die("This file cannot be executed directly");
include_once ("languages/$g_lang");
which seems to prevent direct request in my environment.
This code is in 0.7 as well. The file doesn't exist in 0.6.
- Steve