arfis

Trustworthy

arfis — Thu, 20 Sep 2007 08:58:15 +0000

Please note the “Note” in the sidebar, then read this: http://osvdb.org/blog/?p=185. This people are absolutely right, don’t use the informations here “as is”, recheck them, test them. Also once again, this script wasn’t mean to work with an 100% hit quota, but for programming fun for me.

This is a good indication of how trustworthy the tool is, early release or not, and what kind of burden it places on VDBs who do their best to vet vulnerability disclosures to a limited degree.

Well, psorry.

Sourceforge.net sucked off

arfis — Sat, 15 Sep 2007 13:06:45 +0000

The script reach the end in the search of sourceforge.net for PHP scripts recently. But don’t worry, arfis will continue with download and checking scripts from hotscripts.com. Yeah, more RFI’s will come :).

RFI (0.3): php(Reactor)

arfis — Fri, 14 Sep 2007 17:36:32 +0000

Project Name: php(Reactor)
Project Link: http://sourceforge.net/projects/phpreactor/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/phpreactor/phpreactor-1.2.7pl1.tar.gz
RFI Info:
File: tmp/phpreactor-1.2.7pl1.ta/phpreactor-1.2.7pl1/examples/ekilat.com-int.tpl.php
Line: 2
Vuln Code: if(!defined(“REACTOR_INC_BBS”)) { include($pathtohomedir.”/inc/bbs.inc.php”); }

File: tmp/phpreactor-1.2.7pl1.ta/phpreactor-1.2.7pl1/examples/phpreactor.org-top.tpl.php
Line: 2
Vuln Code: if(!defined(“REACTOR_INC_BBS”)) { include($pathtohomedir.”/inc/bbs.inc.php”); }

File: tmp/phpreactor-1.2.7pl1.ta/phpreactor-1.2.7pl1/examples/ekilat.com-top.tpl.php
Line: 2
Vuln Code: if(!defined(“REACTOR_INC_BBS”)) { include($pathtohomedir.”/inc/bbs.inc.php”); }

(found with version 0.3 – 4147 projects processed so far)

RFI (0.3): PHPortal

arfis — Fri, 14 Sep 2007 17:35:19 +0000

Project Name: PHPortal
Project Link: http://sourceforge.net/projects/xpc/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/xpc/PHPortal_beta_v027.zip
RFI Info:
File: tmp/PHPortal_beta_v027/form/db_form/employee.php
Line: 4
Vuln Code: require($DOCUMENT_ROOT.’/form/db_form_o_model.php’);

(found with version 0.3 – 4141 projects processed so far)

RFI (0.3): YaPiG – Yet Another PHP Image Gallery

arfis — Fri, 14 Sep 2007 17:34:20 +0000

Project Name: YaPiG – Yet Another PHP Image Gallery
Project Link: http://sourceforge.net/projects/yapig/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/yapig/yapig-0.95b.tar.gz
RFI Info:
File: tmp/yapig-0.95b.ta/yapig-0.95b/sample.php
Line: 10
Vuln Code: require_once($YAPIG_PATH .’last_gallery.php’);

(found with version 0.3 – 4139 projects processed so far)

RFI (0.3): myphpPagetool

arfis — Fri, 14 Sep 2007 17:12:43 +0000

Project Name: myphpPagetool
Project Link: http://sourceforge.net/projects/myphppagetool/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/myphppagetool/myphpPagetool-0.4.3.tar.gz
RFI Info:
File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/index.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help6.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help9.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help3.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help1.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help4.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help8.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help5.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help2.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help7.php
Line: 2
Vuln Code: include ($ptinclude . “/pt_config.inc”);

(found with version 0.3 – 4028 projects processed so far)

RFI (0.3): Webmedia Explorer

arfis — Fri, 14 Sep 2007 17:10:45 +0000

Project Name: Webmedia Explorer
Project Link: http://sourceforge.net/projects/webmex/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/webmex/Webmedia_Explorer_3_2_2.zip
RFI Info:
File: tmp/Webmedia_Explorer_3_2_2/wme/includes/core.lib.php
Line: 3
Vuln Code: include ( $path_include.”int.class.php” );

File: tmp/Webmedia_Explorer_3_2_2/wme/includes/rss.class.php
Line: 3
Vuln Code: include ( $path_include.”xdoc.class.php” );

File: tmp/Webmedia_Explorer_3_2_2/wme/templates/main.tpl.php
Line: 14
Vuln Code:

File: tmp/Webmedia_Explorer_3_2_2/wme/templates/folder_messages_link_message_name.tpl.php
Line: 7
Vuln Code: I_am_post () ) include ( $path_template.”folder_messages_link_message_desc.tpl.php” ) ?>

File: tmp/Webmedia_Explorer_3_2_2/wme/templates/sidebar.tpl.php
Line: 7
Vuln Code: include ( $path_templates.”dirs.tpl.php” );

(found with version 0.3 – 4016 projects processed so far)

RFI (0.3): Streamline PHP Media Server

arfis — Fri, 14 Sep 2007 17:08:45 +0000

Project Name: Streamline PHP Media Server
Project Link: http://sourceforge.net/projects/streamline/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/streamline/streamline-1.0-beta4.tar.gz
RFI Info:
File: tmp/streamline-1.0-beta4.ta/streamline-1.0-beta4/src/core/theme/includes/admin_footer.php
Line: 2
Vuln Code: require_once( $sl_theme_unix_path.”/admin/footer.php” );

File: tmp/streamline-1.0-beta4.ta/streamline-1.0-beta4/src/core/theme/includes/info_footer.php
Line: 2
Vuln Code: require_once( $sl_theme_unix_path.”/browse/info_footer.php” );

File: tmp/streamline-1.0-beta4.ta/streamline-1.0-beta4/src/core/theme/includes/theme_footer.php
Line: 2
Vuln Code: require_once( $sl_theme_unix_path.”/common/footer.php” );

File: tmp/streamline-1.0-beta4.ta/streamline-1.0-beta4/src/core/theme/includes/browse_footer.php
Line: 2
Vuln Code: require_once( $sl_theme_unix_path.”/browse/footer.php” );

File: tmp/streamline-1.0-beta4.ta/streamline-1.0-beta4/src/core/theme/includes/account_footer.php
Line: 2
Vuln Code: require_once( $sl_theme_unix_path.”/account/footer.php” );

File: tmp/streamline-1.0-beta4.ta/streamline-1.0-beta4/src/core/theme/includes/search_footer.php
Line: 2
Vuln Code: require_once( $sl_theme_unix_path.”/search/footer.php” );

(found with version 0.3 – 4005 projects processed so far)

RFI (0.3): pSlash

arfis — Fri, 14 Sep 2007 16:42:49 +0000

Project Name: pSlash
Project Link: http://sourceforge.net/projects/pslash/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/pslash/pslash-0.70.tar.gz
RFI Info:
File: tmp/pslash-0.70.ta/pslash-0.70/html/modules/visitors2/admin/view-archiver.inc.php
Line: 14
Vuln Code: include($lvc_admin_dir.’/archiver-export.inc.php’);

File: tmp/pslash-0.70.ta/pslash-0.70/html/modules/visitors2/include/config.inc.php
Line: 33
Vuln Code: include($lvc_include_dir.’lang/english.inc.php’);

File: tmp/pslash-0.70.ta/pslash-0.70/html/modules/visitors2/include/menus.inc.php
Line: 47
Vuln Code: include($lvc_include_dir.’/menus-’.$view.’.inc.php’);

(found with version 0.3 – 3870 projects processed so far)

Version 0.3

arfis — Fri, 14 Sep 2007 16:37:48 +0000

Now the script checks also for “defined(…) or die” wich also kill’s RFI’s. Another check: if the include or require is in a function, if so the RFI is useless. Version 0.3 is now running.

RFI (0.3): openEngine

arfis — Fri, 14 Sep 2007 16:36:58 +0000

Project Name: openEngine
Project Link: http://sourceforge.net/projects/openengine/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/openengine/openengine19_beta1.zip
RFI Info:
File: tmp/openengine19_beta1/openengine19/html/modules/extranet_profile/main.php
Line: 10
Vuln Code: include($this_module_path.”/profile_new.php”);

(found with version 0.3 – 3846 projects processed so far)

RFI (0.2): guanxiCRM Business Solution

arfis — Fri, 14 Sep 2007 08:46:27 +0000

Project Name: guanxiCRM Business Solution
Project Link: http://sourceforge.net/projects/guanxicrm/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/guanxicrm/guanxicrm_0.9.1.tar.gz
RFI Info:
File: tmp/guanxicrm_0.9.1.ta/modules/webmail2/inc/rfc822.php
Line: 20
Vuln Code: require_once($webmail2_inc_dir.’pear.php’);

(found with version 0.2 – 3777 projects processed so far)

RFI (0.2): Online Fantasy Football League

arfis — Fri, 14 Sep 2007 08:30:28 +0000

Project Name: Online Fantasy Football League
Project Link: http://sourceforge.net/projects/offl/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/offl/offl-0.2.6-patch.zip
RFI Info:
File: tmp/offl-0.2.6-patch/offl-0.2.6-patch/www/lib/classes/offl_nflteam.php
Line: 12
Vuln Code: require_once($DOC_ROOT . “/lib/classes/offl_dbobject.php”);

(found with version 0.2 – 3673 projects processed so far)

RFI (0.2): EZ-Ticket

arfis — Fri, 14 Sep 2007 08:29:28 +0000

Project Name: EZ-Ticket
Project Link: http://sourceforge.net/projects/ezt/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/ezt/ezt-0.01.tar.gz
RFI Info:
File: tmp/ezt-0.01.ta/ezt/common.php
Line: 3
Vuln Code: include($ezt_root_path . ‘/functions/anti-hack.php’);

(found with version 0.2 – 3666 projects processed so far)

RFI (0.2): phpmyProfiler

arfis — Fri, 14 Sep 2007 08:25:06 +0000

Project Name: phpmyProfiler
Project Link: http://sourceforge.net/projects/phpmyprofiler/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/phpmyprofiler/phpmyProfiler-0.9.6b.tar.bz2
RFI Info:
File: tmp/phpmyProfiler-0.9.6b.tar/include/plugin/block.t.php
Line: 9
Vuln Code: require_once($pmp_rel_path . “/functions.php”);

(found with version 0.2 – 3643 projects processed so far)

RFI (0.2): Mods 4 Xoops Contenido eZ publish

arfis — Fri, 14 Sep 2007 05:45:05 +0000

Project Name: Mods 4 Xoops Contenido eZ publish
Project Link: http://sourceforge.net/projects/pdf4cms/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/pdf4cms/contenido42VV10.zip
RFI Info:
File: tmp/contenido42VV10/contenidofinal/contenido/main_upl.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_upl.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_con_editside.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_con.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_news_rcp.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_news.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_mod.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_mod.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/con_show_sidelist.inc.php
Line: 5
Vuln Code: include ($cfgPathContenido.$cfgPathTpl.”all_html_line0.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/mod_show_modules.inc.php
Line: 5
Vuln Code: include ($cfgPathContenido.$cfgPathTpl.”all_html_line0.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/con_edit_form.inc.php
Line: 94
Vuln Code:

File: tmp/contenido42VV10/contenidofinal/contenido/inc/lay_show_layouts.inc.php
Line: 5
Vuln Code: include ($cfgPathContenido.$cfgPathTpl.”all_html_line0.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/con_show_tree.inc.php
Line: 7
Vuln Code: include($cfgPathContenido.$cfgPathTpl.”all_html_line0.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/news_show_newsletters.inc.php
Line: 24
Vuln Code: include($cfgPathContenido.$cfgPathTpl.”all_html_emptycol.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/upl_show_uploads.inc.php
Line: 16
Vuln Code: include($cfgPathInc.”upl_upload_form.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/str_show_tree.inc.php
Line: 6
Vuln Code: include($cfgPathContenido.$cfgPathTpl.”all_html_line0.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/tpl_show_templates.inc.php
Line: 5
Vuln Code: include ($cfgPathContenido.$cfgPathTpl.”all_html_line0.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/stat_show_tree.inc.php
Line: 5
Vuln Code: include($cfgPathContenido.$cfgPathTpl.”all_html_line0.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/inc/con_editcontent.inc.php
Line: 2
Vuln Code: if ($action == 10) {include($cfgPathContenido.$cfgPathTpl.”tplInputField_”.$type.”.inc.php”);}

File: tmp/contenido42VV10/contenidofinal/contenido/inc/news_show_recipients.inc.php
Line: 43
Vuln Code: include($cfgPathContenido.$cfgPathTpl.”all_html_emptycol.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_tplinput_edit.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_tplinput.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_con.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_con.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_tpl.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_tpl.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_con_sidelist.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_con.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_str.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_str.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_news.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_news.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_tplinput.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_tplinput.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_lang.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_lang.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_mod_edit.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_mod.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_lay.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_lay.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_lay_edit.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_lay.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_user_md5.php3
Line: 2
Vuln Code: include($cfgPathTpl.”header.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_news_send.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_news.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_con_edittpl.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_tpl.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_stat.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_stat.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/actions_mod.php
Line: 4
Vuln Code: include($cfgPathTpl.”all_html_table1_3.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/actions_lay.php
Line: 4
Vuln Code: include($cfgPathTpl.”all_html_table1_3.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/actions_upl.php
Line: 8
Vuln Code: include($cfgPathTpl.”all_html_table1_3.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/actions_stat.php
Line: 4
Vuln Code: include($cfgPathTpl.”all_html_table1_3.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/actions_news.php
Line: 4
Vuln Code: include($cfgPathTpl.”all_html_table1_3.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/actions_str.php
Line: 6
Vuln Code: include($cfgPathTpl.”all_html_table1_3.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/header.php
Line: 123
Vuln Code: include($cfgPathTpl.”form_client.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/actions_con_sidelist.php
Line: 4
Vuln Code: include($cfgPathTpl.”all_html_table1_3.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/main_top.inc.php
Line: 3
Vuln Code: include($cfgPathTpl.”all_html_table1_1.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/actions_tpl.php
Line: 4
Vuln Code: include($cfgPathTpl.”all_html_table1_3.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/tpl/actions_con.php
Line: 4
Vuln Code: include($cfgPathTpl.”all_html_table1_3.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_tpl_edit.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_tpl.inc.php”);

File: tmp/contenido42VV10/contenidofinal/contenido/main_news_edit.php
Line: 2
Vuln Code: include($cfgPathInc.”fnc_news.inc.php”);

(found with version 0.2 – 3613 projects processed so far)

RFI (0.2): der-dirigent

arfis — Fri, 14 Sep 2007 05:38:07 +0000

Project Name: der-dirigent
Project Link: http://sourceforge.net/projects/der-dirigent/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/der-dirigent/der_dirigent_v1.0.zip
RFI Info:
File: tmp/der_dirigent_v1.0/backend/inc/inc.generate_code.php
Line: 7
Vuln Code: include($dedi_path.’inc/fnc.type.php’);

File: tmp/der_dirigent_v1.0/projekt01/cms/inc/frontend.php
Line: 159
Vuln Code: include( $dedi_path . ‘inc/inc.generate_code.php’ );

File: tmp/der_dirigent_v1.0/projekt01/cms/inc/backend.php
Line: 5
Vuln Code: include($dedi_path.’inc/fnc.generate_code.php’);

File: tmp/der_dirigent_v1.0/backend/inc/fnc.type_forms.php
Line: 7
Vuln Code: include_once($dedi_path.’inc/fnc.type_common.php’);

File: tmp/der_dirigent_v1.0/backend/inc/fnc.type.php
Line: 24
Vuln Code: include_once($dedi_path.’inc/fnc.type_common.php’);

File: tmp/der_dirigent_v1.0/backend/inc/class.filemanager.php
Line: 81
Vuln Code: require_once ($this_dir.’inc/class.fileaccess.php’);

(found with version 0.2 – 3572 projects processed so far)

RFI (0.2): phpFFL – Fantasy Football League Manager

arfis — Fri, 14 Sep 2007 05:36:23 +0000

Project Name: phpFFL – Fantasy Football League Manager
Project Link: http://sourceforge.net/projects/phpffl/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/phpffl/phpffl_1_24.tar.gz
RFI Info:
File: tmp/phpffl_1_24.ta/phpffl/phpffl_webfiles/signup.php
Line: 2
Vuln Code: include($PHPFFL_FILE_ROOT.”program_files/config.php”);

File: tmp/phpffl_1_24.ta/phpffl/phpffl_webfiles/program_files/livedraft/livedraft.php
Line: 2
Vuln Code: require($PHPFFL_FILE_ROOT.”program_files/livedraft/sajax.php”);

File: tmp/phpffl_1_24.ta/phpffl/phpffl_webfiles/program_files/livedraft/admin.php
Line: 2
Vuln Code: require($PHPFFL_FILE_ROOT.”program_files/livedraft/sajax.php”);

(found with version 0.2 – 3560 projects processed so far)

RFI (0.2): Ajax File Browser

arfis — Fri, 14 Sep 2007 05:34:52 +0000

Project Name: Ajax File Browser
Project Link: http://sourceforge.net/projects/ajaxfb/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/ajaxfb/afb-3-beta-2007-08-28.zip
RFI Info:
File: tmp/afb-3-beta-2007-08-28/_includes/settings.inc.php
Line: 12
Vuln Code: require_once($approot.’_includes/functions_file.inc.php’);

(found with version 0.2 – 3552 projects processed so far)

RFI (0.2): Puzzle Apps CMS

arfis — Fri, 14 Sep 2007 05:05:05 +0000

Project Name: Puzzle Apps CMS
Project Link: http://sourceforge.net/projects/puzzlecms/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/puzzlecms/puzzle2-2.2.1.tar.gz
RFI Info:
File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/my/my.module.php
Line: 69
Vuln Code: include_once($MODULEDIR . “drivers/” . $DRIVER . “.driver.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/xml/xml.module.php
Line: 3
Vuln Code: include_once($MODULEDIR . “drivers/xml.driver.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/config.loader.php
Line: 5
Vuln Code: include_once($COREROOT . “config/loader.config.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/platform.loader.php
Line: 8
Vuln Code: include_once($COREROOT . “core/platform.class.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/core.loader.php
Line: 3
Vuln Code: include_once($COREROOT.”core/permissions.class.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/person.loader.php
Line: 8
Vuln Code: include_once($COREROOT . “core/person.class.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/module.loader.php
Line: 5
Vuln Code: include_once($COREROOT . “core/module.class.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/admin/libs/people.lib.php
Line: 3
Vuln Code: include($THISDIR . $_GET["load"] . “.lib.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/admin/libs/general.lib.php
Line: 3
Vuln Code: include($THISDIR . $_GET["load"] . “.lib.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/admin/libs/content.lib.php
Line: 3
Vuln Code: include($THISDIR . $_GET["load"] . “.lib.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/admin/libs/templates.lib.php
Line: 3
Vuln Code: include($THISDIR . $_GET["load"] . “.lib.php”);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/core/modules/webstat/MEC/index.php
Line: 100
Vuln Code: include($THISDIR . ‘nav.inc’);

File: tmp/puzzle2-2.2.1.ta/puzzle2-latest/install/steps/step_3.php
Line: 44
Vuln Code: require($COREROOT . “modules/database/adodb/adodb-xmlschema.inc.php”);

(found with version 0.2 – 3386 projects processed so far)