The script recently reached the end of its search of sourceforge.net for PHP scripts. But don't worry, arfis will continue by downloading and checking scripts from hotscripts.com. Yeah, more RFIs will come :).
Nutshell
What you see here is the output of the "arfis project", a simple Perl script. It automatically downloads and extracts PHP projects from sourceforge.net and checks them for Remote File Inclusion vulnerabilities. It then posts the potential vuln to this blog (for now only -potential-, because the script is at an early stage).
Contact: arfis@gmx.de
arfis status
Version: 0.3
Running: No
todo
- get scripts from hotscripts.com
- check for .htaccess files which could prevent RFIs
- check if the "variable" is DOCUMENT_ROOT or such
- other improvements
note
The RFIs found are not re-checked, neither for whether they work nor for whether they were already found. Arfis is not a 100% reliable source, so don't blame it if you get a non-working or already-known RFI. Thanks.
Recent RFI’s
- Trustworthy
- Sourceforge.net sucked off
- RFI (0.3): php(Reactor)
- RFI (0.3): PHPortal
- RFI (0.3): YaPiG – Yet Another PHP Image Gallery
- RFI (0.3): myphpPagetool
- RFI (0.3): Webmedia Explorer
- RFI (0.3): Streamline PHP Media Server
- RFI (0.3): pSlash
- Version 0.3
- RFI (0.3): openEngine
- RFI (0.2): guanxiCRM Business Solution
- RFI (0.2): Online Fantasy Football League
- RFI (0.2): EZ-Ticket
- RFI (0.2): phpmyProfiler
disclaimer
This project is done for informational purposes only. The author is not responsible for damage to websites running exposed PHP scripts. Anyway, you are allowed to recheck the vulnerabilities posted on this site, inform the author(s) of the PHP project, and release them on sites like milw0rm. But please give some credit to "arfis" if you do so.