arfis

automated Remote File Inclusion search

Trustworthy September 20, 2007

Filed under: Development — arfis @ 8:58 am

Please note the “Note” in the sidebar, then read this: http://osvdb.org/blog/?p=185. These people are absolutely right: don’t use the information here “as is”; recheck it, test it. Also, once again, this script wasn’t meant to work with a 100% hit quota, but as programming fun for me.

This is a good indication of how trustworthy the tool is, early release or not, and what kind of burden it places on VDBs who do their best to vet vulnerability disclosures to a limited degree.

Well, psorry.

 

Sourceforge.net sucked off September 15, 2007

Filed under: Development — arfis @ 1:06 pm

The script recently reached the end of its search of sourceforge.net for PHP scripts. But don’t worry, arfis will continue with downloading and checking scripts from hotscripts.com. Yeah, more RFIs will come :).

 

RFI (0.3): php(Reactor) September 14, 2007

Filed under: RFI — arfis @ 5:36 pm

Project Name: php(Reactor)
Project Link: http://sourceforge.net/projects/phpreactor/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/phpreactor/phpreactor-1.2.7pl1.tar.gz
RFI Info:
File: tmp/phpreactor-1.2.7pl1.ta/phpreactor-1.2.7pl1/examples/ekilat.com-int.tpl.php
Line: 2
Vuln Code: if(!defined("REACTOR_INC_BBS")) { include($pathtohomedir."/inc/bbs.inc.php"); }

File: tmp/phpreactor-1.2.7pl1.ta/phpreactor-1.2.7pl1/examples/phpreactor.org-top.tpl.php
Line: 2
Vuln Code: if(!defined("REACTOR_INC_BBS")) { include($pathtohomedir."/inc/bbs.inc.php"); }

File: tmp/phpreactor-1.2.7pl1.ta/phpreactor-1.2.7pl1/examples/ekilat.com-top.tpl.php
Line: 2
Vuln Code: if(!defined("REACTOR_INC_BBS")) { include($pathtohomedir."/inc/bbs.inc.php"); }

(found with version 0.3 – 4147 projects processed so far)

 

RFI (0.3): PHPortal

Filed under: RFI — arfis @ 5:35 pm

Project Name: PHPortal
Project Link: http://sourceforge.net/projects/xpc/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/xpc/PHPortal_beta_v027.zip
RFI Info:
File: tmp/PHPortal_beta_v027/form/db_form/employee.php
Line: 4
Vuln Code: require($DOCUMENT_ROOT.'/form/db_form_o_model.php');

(found with version 0.3 – 4141 projects processed so far)

 

RFI (0.3): YaPiG – Yet Another PHP Image Gallery

Filed under: RFI — arfis @ 5:34 pm

Project Name: YaPiG – Yet Another PHP Image Gallery
Project Link: http://sourceforge.net/projects/yapig/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/yapig/yapig-0.95b.tar.gz
RFI Info:
File: tmp/yapig-0.95b.ta/yapig-0.95b/sample.php
Line: 10
Vuln Code: require_once($YAPIG_PATH .'last_gallery.php');

(found with version 0.3 – 4139 projects processed so far)

 

RFI (0.3): myphpPagetool

Filed under: RFI — arfis @ 5:12 pm

Project Name: myphpPagetool
Project Link: http://sourceforge.net/projects/myphppagetool/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/myphppagetool/myphpPagetool-0.4.3.tar.gz
RFI Info:
File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/index.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help6.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help9.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help3.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help1.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help4.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help8.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help5.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help2.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help7.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

(found with version 0.3 – 4028 projects processed so far)

 

RFI (0.3): Webmedia Explorer

Filed under: RFI — arfis @ 5:10 pm

Project Name: Webmedia Explorer
Project Link: http://sourceforge.net/projects/webmex/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/webmex/Webmedia_Explorer_3_2_2.zip
RFI Info:
File: tmp/Webmedia_Explorer_3_2_2/wme/includes/core.lib.php
Line: 3
Vuln Code: include ( $path_include."int.class.php" );

File: tmp/Webmedia_Explorer_3_2_2/wme/includes/rss.class.php
Line: 3
Vuln Code: include ( $path_include."xdoc.class.php" );

File: tmp/Webmedia_Explorer_3_2_2/wme/templates/main.tpl.php
Line: 14
Vuln Code:

File: tmp/Webmedia_Explorer_3_2_2/wme/templates/folder_messages_link_message_name.tpl.php
Line: 7
Vuln Code: I_am_post () ) include ( $path_template."folder_messages_link_message_desc.tpl.php" ) ?>

File: tmp/Webmedia_Explorer_3_2_2/wme/templates/sidebar.tpl.php
Line: 7
Vuln Code: include ( $path_templates."dirs.tpl.php" );

(found with version 0.3 – 4016 projects processed so far)

 

 