arfis

automated Remote File Inclusion search

RFI (0.2): FrontAccounting September 14, 2007

Filed under: RFI — arfis @ 4:52 am

Project Name: FrontAccounting
Project Link: http://sourceforge.net/projects/frontaccounting/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/frontaccounting/frontaccount-1.12.tar.gz
RFI Info:
File: tmp/frontaccount-1.12.ta/manufacturing/inquiry/bom_cost_inquiry.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/manufacturing/view/wo_issue_view.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/manufacturing/view/work_order_view.php
Line: 6
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/manufacturing/view/wo_production_view.php
Line: 6
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/manufacturing/work_order_entry.php
Line: 6
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/manufacturing/work_order_issue.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/ui/items_cart.inc");

File: tmp/frontaccount-1.12.ta/manufacturing/search_work_orders.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/manufacturing/work_order_release.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/manufacturing/work_order_add_finished.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/manufacturing/manage/bom_edit.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep209.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep105.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep706.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep704.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep301.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep707.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep708.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep204.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/reports_main.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep701.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep202.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep501.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep401.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep302.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep104.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep102.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep303.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep109.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep705.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep709.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep201.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep108.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep101.php
Line: 13
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep107.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep702.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep103.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/reporting/rep203.php
Line: 12
Vuln Code: include_once($path_to_root . "includes/session.inc");

File: tmp/frontaccount-1.12.ta/sales/inquiry/customer_inquiry.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/sales/inquiry/customer_allocation_inquiry.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/sales/customer_credit_invoice.php
Line: 6
Vuln Code: include_once($path_to_root . "/sales/includes/cart_class.inc");

File: tmp/frontaccount-1.12.ta/sales/allocations/customer_allocation_main.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/sales/view/view_credit.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/sales/view/view_invoice.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/sales/view/view_receipt.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/sales/view/view_sales_order.php
Line: 5
Vuln Code: include_once($path_to_root . "/sales/includes/cart_class.inc");

File: tmp/frontaccount-1.12.ta/sales/sales_order_entry.php
Line: 5
Vuln Code: include_once($path_to_root . "/sales/includes/cart_class.inc");

File: tmp/frontaccount-1.12.ta/sales/customer_payments.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/sales/customer_invoice.php
Line: 5
Vuln Code: include_once($path_to_root . "/sales/includes/cart_class.inc");

File: tmp/frontaccount-1.12.ta/sales/manage/customers.php
Line: 6
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/sales/credit_note_entry.php
Line: 8
Vuln Code: include_once($path_to_root . "/sales/includes/cart_class.inc");

File: tmp/frontaccount-1.12.ta/purchasing/allocations/supplier_allocation_main.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/purchasing/view/view_supp_credit.php
Line: 6
Vuln Code: include_once($path_to_root . "/purchasing/includes/purchasing_db.inc");

File: tmp/frontaccount-1.12.ta/purchasing/view/view_supp_invoice.php
Line: 6
Vuln Code: include_once($path_to_root . "/purchasing/includes/purchasing_db.inc");

File: tmp/frontaccount-1.12.ta/purchasing/supplier_credit_grns.php
Line: 6
Vuln Code: include_once($path_to_root . "/purchasing/includes/supp_trans_class.inc");

File: tmp/frontaccount-1.12.ta/purchasing/supplier_payment.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/purchasing/supplier_invoice.php
Line: 6
Vuln Code: include_once($path_to_root . "/purchasing/includes/purchasing_db.inc");

File: tmp/frontaccount-1.12.ta/purchasing/po_receive_items.php
Line: 4
Vuln Code: include_once($path_to_root . "/purchasing/includes/po_class.inc");

File: tmp/frontaccount-1.12.ta/purchasing/supplier_invoice_grns.php
Line: 5
Vuln Code: include_once($path_to_root . "/purchasing/includes/supp_trans_class.inc");

File: tmp/frontaccount-1.12.ta/config.php
Line: 27
Vuln Code: include_once($path_to_root . "/config_db.php");

File: tmp/frontaccount-1.12.ta/admin/create_coy.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/admin/backups.php
Line: 6
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/admin/view_print_transaction.php
Line: 6
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/admin/inst_module.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/admin/fiscalyears.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/admin/void_transaction.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/admin/inst_lang.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/admin/users.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/includes/lang/language.php
Line: 3
Vuln Code: include_once($path_to_root . "/lang/installed_languages.inc");

File: tmp/frontaccount-1.12.ta/gl/inquiry/gl_account_inquiry.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/gl/inquiry/bank_inquiry.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/gl/inquiry/gl_trial_balance.php
Line: 6
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/gl/view/gl_trans_view.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/gl/gl_payment.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/ui/items_cart.inc");

File: tmp/frontaccount-1.12.ta/gl/gl_journal.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/ui/items_cart.inc");

File: tmp/frontaccount-1.12.ta/gl/bank_transfer.php
Line: 6
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/gl/gl_deposit.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/ui/items_cart.inc");

File: tmp/frontaccount-1.12.ta/gl/manage/currencies.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/gl/manage/exchange_rates.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/inventory/reorder_level.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/inventory/inquiry/stock_movements.php
Line: 6
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/inventory/inquiry/stock_status.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/inventory/purchasing_data.php
Line: 6
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/inventory/cost_update.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/inventory/transfers.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/ui/items_cart.inc");

File: tmp/frontaccount-1.12.ta/inventory/prices.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/inventory/adjustments.php
Line: 5
Vuln Code: include_once($path_to_root . "/includes/ui/items_cart.inc");

File: tmp/frontaccount-1.12.ta/dimensions/inquiry/search_dimensions.php
Line: 6
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/dimensions/view/view_dimension.php
Line: 6
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/dimensions/dimension_entry.php
Line: 6
Vuln Code: include_once($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/access/login.php
Line: 2
Vuln Code: include_once($path_to_root . "/includes/ui/ui_view.inc");

File: tmp/frontaccount-1.12.ta/manufacturing/inquiry/where_used_inquiry.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/manufacturing/manage/work_centres.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/sales/inquiry/sales_orders_view.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/sales/allocations/customer_allocate.php
Line: 5
Vuln Code: include($path_to_root . "/includes/ui/allocation_cart.inc");

File: tmp/frontaccount-1.12.ta/sales/manage/sales_types.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/sales/manage/credit_status.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/sales/manage/sales_areas.php
Line: 6
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/sales/manage/customer_branches.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/sales/manage/sales_people.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/purchasing/inquiry/supplier_inquiry.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/purchasing/inquiry/po_search.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/purchasing/inquiry/po_search_completed.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/purchasing/inquiry/supplier_allocation_inquiry.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/purchasing/po_entry_items.php
Line: 6
Vuln Code: include($path_to_root . "/purchasing/includes/po_class.inc");

File: tmp/frontaccount-1.12.ta/purchasing/supplier_trans_gl.php
Line: 6
Vuln Code: include($path_to_root . "/purchasing/includes/supp_trans_class.inc");

File: tmp/frontaccount-1.12.ta/purchasing/allocations/supplier_allocate.php
Line: 4
Vuln Code: include($path_to_root . "/includes/ui/allocation_cart.inc");

File: tmp/frontaccount-1.12.ta/purchasing/view/view_grn.php
Line: 5
Vuln Code: include($path_to_root . "/purchasing/includes/po_class.inc");

File: tmp/frontaccount-1.12.ta/purchasing/view/view_po.php
Line: 6
Vuln Code: include($path_to_root . "/purchasing/includes/po_class.inc");

File: tmp/frontaccount-1.12.ta/purchasing/view/view_supp_payment.php
Line: 6
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/purchasing/manage/suppliers.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/purchasing/supplier_credit.php
Line: 5
Vuln Code: include($path_to_root . "/purchasing/includes/supp_trans_class.inc");

File: tmp/frontaccount-1.12.ta/admin/display_prefs.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/admin/payment_terms.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/admin/company_preferences.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/admin/gl_setup.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/admin/shipping_companies.php
Line: 6
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/admin/forms_setup.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/gl/view/gl_deposit_view.php
Line: 6
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/gl/view/gl_payment_view.php
Line: 6
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/gl/view/bank_transfer_view.php
Line: 6
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/gl/manage/gl_accounts.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/gl/manage/gl_account_classes.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/gl/manage/gl_account_types.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/gl/manage/bank_trans_types.php
Line: 6
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/gl/manage/bank_accounts.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/gl/gl_budget.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/inventory/view/view_transfer.php
Line: 6
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/inventory/view/view_adjustment.php
Line: 6
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/inventory/manage/locations.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/inventory/manage/movement_types.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/inventory/manage/items.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/inventory/manage/item_categories.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/taxes/tax_types.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/taxes/tax_groups.php
Line: 6
Vuln Code: include($path_to_root . "/includes/session.inc");

File: tmp/frontaccount-1.12.ta/access/logout.php
Line: 5
Vuln Code: include($path_to_root . "/includes/session.inc");

(found with version 0.2 – 3302 projects processed so far)

 

RFI (0.2): WebspotBlogging September 14, 2007

Filed under: RFI — arfis @ 4:50 am

Project Name: WebspotBlogging
Project Link: http://sourceforge.net/projects/webspotblogging/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/webspotblogging/webspotblogging_3-01.zip
RFI Info:
File: tmp/webspotblogging_3-01/Upload/inc/logincheck.inc.php
Line: 28
Vuln Code: include($path."inc/footer.inc.php");

File: tmp/webspotblogging_3-01/Upload/inc/adminheader.inc.php
Line: 18
Vuln Code: include($path."inc/global.php");

File: tmp/webspotblogging_3-01/Upload/inc/mainheader.inc.php
Line: 18
Vuln Code: include($path."inc/global.php");

(found with version 0.2 – 3290 projects processed so far)

 

RFI (0.2): Content*Builder September 14, 2007

Filed under: RFI — arfis @ 4:44 am

Project Name: Content*Builder
Project Link: http://sourceforge.net/projects/content-builder/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/content-builder/cb_071.zip
RFI Info:
File: tmp/cb_071/libraries/comment/insertComment.php
Line: 3
Vuln Code: include_once($path[cb]."lib/CB_bb_code_parser.class.php");

File: tmp/cb_071/contentbuilder/plugins/article2/article.inc.php
Line: 25
Vuln Code: include_once($cbDirLib."CB_sext_rp.class.php");

File: tmp/cb_071/modules/headline/showHeadline.inc.php
Line: 3
Vuln Code: include_once($rel."libraries/BTPL_functions.inc.php");

File: tmp/cb_071/modules/headline/headlineBox.php
Line: 3
Vuln Code: include_once($rel."libraries/BTPL_functions.inc.php");

File: tmp/cb_071/modules/shoutbox/shoutBox.php
Line: 5
Vuln Code: include_once($rel."libraries/BTPL_functions.inc.php");

File: tmp/cb_071/modules/article2/fullarticle.inc.php
Line: 2
Vuln Code: include_once($rel."libraries/BTPL_functions.inc.php");

File: tmp/cb_071/modules/article2/overview.inc.php
Line: 2
Vuln Code: include_once($rel."libraries/BTPL_functions.inc.php");

File: tmp/cb_071/modules/article/fullarticle.inc.php
Line: 2
Vuln Code: include_once($rel."libraries/BTPL_functions.inc.php");

File: tmp/cb_071/modules/article/overview.inc.php
Line: 3
Vuln Code: include_once($rel."libraries/BTPL_functions.inc.php");

File: tmp/cb_071/modules/guestbook/guestbook.inc.php
Line: 5
Vuln Code: include_once($rel."libraries/BTPL_functions.inc.php");

File: tmp/cb_071/modules/download/detailView.inc.php
Line: 3
Vuln Code: include_once($rel."libraries/BTPL_functions.inc.php");

File: tmp/cb_071/modules/download/overview.inc.php
Line: 3
Vuln Code: include_once($rel."libraries/BTPL_functions.inc.php");

File: tmp/cb_071/contentbuilder/plugins/forum/forum.inc.php
Line: 2
Vuln Code: include($pluginLocation.'/plugin.config');

File: tmp/cb_071/contentbuilder/plugins/col_man/colModify.inc.php
Line: 221
Vuln Code: include($pluginLocation."/colRightAdmin.inc.php");

File: tmp/cb_071/contentbuilder/plugins/media_manager/mediaTree.inc.php
Line: 58
Vuln Code: include($cbDirSystem."fileTree.class.php");

File: tmp/cb_071/contentbuilder/plugins/media_manager/mediaTypes.inc.php
Line: 19
Vuln Code: include($pluginLocation."/mediaTypesGeneral.inc.php");

File: tmp/cb_071/contentbuilder/plugins/article2/artOverview.inc.php
Line: 71
Vuln Code: include($cbDirLib."pageSplit.class.php");

File: tmp/cb_071/contentbuilder/plugins/article2/artModHead.inc.php
Line: 250
Vuln Code: include($pluginLocation."/artAdd3.inc.php");

File: tmp/cb_071/contentbuilder/plugins/article2/listXmlFiles.inc.php
Line: 2
Vuln Code: include($cbDirLib."CB_pageSplit.class.php");

File: tmp/cb_071/contentbuilder/plugins/article2/artAdd1.inc.php
Line: 300
Vuln Code: include($pluginLocation."/artAdd3.inc.php");

File: tmp/cb_071/contentbuilder/plugins/newsletter2/newsletter.inc.php
Line: 2
Vuln Code: include($pluginLocation.'/plugin.config');

File: tmp/cb_071/contentbuilder/plugins/newsletter2/categoryDetail.inc.php
Line: 5
Vuln Code: include($cbDirLib."CB_pageSplit.class.php");

File: tmp/cb_071/contentbuilder/plugins/events/eventOverview.inc.php
Line: 50
Vuln Code: include($pluginLocation."/calendar.inc.php");

File: tmp/cb_071/contentbuilder/plugins/poll/poll.inc.php
Line: 2
Vuln Code: include($pluginLocation.'/plugin.config');

File: tmp/cb_071/modules/shoutbox/insertEntry.inc.php
Line: 5
Vuln Code: include($rel."libraries/comment/postComment.php");

File: tmp/cb_071/modules/article2/comments.inc.php
Line: 14
Vuln Code: include($rel."libraries/comment/postComment.php");

File: tmp/cb_071/modules/article/comments.inc.php
Line: 14
Vuln Code: include($rel."libraries/comment/postComment.php");

File: tmp/cb_071/modules/guestbook/insertEntry.inc.php
Line: 7
Vuln Code: include($rel."libraries/comment/postComment.php");

File: tmp/cb_071/contentbuilder/plugins/article2/headlineManager.inc.php
Line: 5
Vuln Code: require_once($cbDirLib."CB_pageSplit.class.php");

File: tmp/cb_071/contentbuilder/plugins/article2/commentManager.inc.php
Line: 2
Vuln Code: require_once($cbDirLib."CB_pageSplit.class.php");

File: tmp/cb_071/contentbuilder/plugins/article2/artMultipleFolder.inc.php
Line: 2
Vuln Code: require_once($cbDirLib."CB_NestedSet.class.php");

File: tmp/cb_071/contentbuilder/plugins/user_managment/usrDetails.inc.php
Line: 2
Vuln Code: require_once($cbDirLib."CB_user.class.php");

File: tmp/cb_071/modules/forum/messageAddReply.inc.php
Line: 108
Vuln Code: require_once($actualModuleDir."messagePost.inc.php");

File: tmp/cb_071/modules/forum/messageAddThread.inc.php
Line: 34
Vuln Code: require_once($actualModuleDir."messagePost.inc.php");

File: tmp/cb_071/modules/forum/showThread.inc.php
Line: 16
Vuln Code: require_once($actualModuleDir."plugins/views/default/showThread.inc.php");

File: tmp/cb_071/modules/forum/messageEdit.inc.php
Line: 23
Vuln Code: require_once($actualModuleDir."messagePost.inc.php");

File: tmp/cb_071/modules/archive/overview.inc.php
Line: 2
Vuln Code: require_once($rel."libraries/BTPL_functions.inc.php");

(found with version 0.2 – 3248 projects processed so far)

 

RFI (0.2): Extreme PHPBB September 14, 2007

Filed under: RFI — arfis @ 4:43 am

Project Name: Extreme PHPBB
Project Link: http://sourceforge.net/projects/extrememodphpbb/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/extrememodphpbb/extreme3.zip
RFI Info:
File: tmp/extreme3/extreme3/forum/includes/topic_review.php
Line: 124
Vuln Code: include($phpbb_root_path . 'includes/page_header.'.$phpEx);

File: tmp/extreme3/extreme3/forum/includes/functions.php
Line: 36
Vuln Code: include_once( $phpbb_root_path . './includes/functions_categories_hierarchy.' . $phpEx );

File: tmp/extreme3/extreme3/forum/includes/functions_portal.php
Line: 22
Vuln Code: include_once($phpbb_root_path . 'includes/lite.'.$phpEx);

(found with version 0.2 – 3241 projects processed so far)

 

RFI (0.2): smartSite CMS September 14, 2007

Filed under: RFI — arfis @ 4:23 am

Project Name: smartSite CMS
Project Link: http://sourceforge.net/projects/smartsite/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/smartsite/smartsitecms_10.zip
RFI Info:
File: tmp/smartsitecms_10/smartsite1.0_distro/admin/index.php
Line: 40
Vuln Code: require($root . "include/inc_adminheader.php");

File: tmp/smartsitecms_10/smartsite1.0_distro/admin/include/inc_adminfoot.php
Line: 20
Vuln Code: require($root . "include/inc_footer.php");

File: tmp/smartsitecms_10/smartsite1.0_distro/admin/test.php
Line: 18
Vuln Code: require($root . "../include/inc_adminheader.php");

File: tmp/smartsitecms_10/smartsite1.0_distro/include/inc_foot.php
Line: 23
Vuln Code: require($root . "include/inc_navigation.php");

(found with version 0.2 – 3108 projects processed so far)

 

RFI (0.2): WEBInsta™ CMS September 14, 2007

Filed under: RFI — arfis @ 4:16 am

Project Name: WEBInsta™ CMS
Project Link: http://sourceforge.net/projects/webinsta/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/webinsta/webinstalite.0.3.zip
RFI Info:
File: tmp/webinstalite.0.3/webinsta/admin/structure.php
Line: 27
Vuln Code: include($templates_dir."template.def.php");

(found with version 0.2 – 3061 projects processed so far)

 

RFI (0.2): Discloser September 14, 2007

Filed under: RFI — arfis @ 4:10 am

Project Name: Discloser
Project Link: http://sourceforge.net/projects/discloser/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/discloser/discloser-0.0.4.tar.gz
RFI Info:
File: tmp/discloser-0.0.4.ta/discloser-0.0.4/plugins/plugins.php
Line: 8
Vuln Code: include($type . ".plugin.php");

(found with version 0.2 – 3021 projects processed so far)

 

RFI (0.2): O – OpenSource GroupWare September 14, 2007

Filed under: RFI — arfis @ 4:09 am

Project Name: O – OpenSource GroupWare
Project Link: http://sourceforge.net/projects/osgw/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/osgw/osgw-31052004-027.tar.bz2
RFI Info:
File: tmp/osgw-31052004-027.tar/osgw/osgw/config/data/o_timezones.php
Line: 12
Vuln Code: include($root_dir ."/config/tz_list.php");

File: tmp/osgw-31052004-027.tar/osgw/osgw/config/data/o_countries.php
Line: 14
Vuln Code: require($root_dir ."/config/country_list.php");

(found with version 0.2 – 3010 projects processed so far)

 

RFI (0.2): PhpMyCms September 14, 2007

Filed under: RFI — arfis @ 4:04 am

Project Name: PhpMyCms
Project Link: http://sourceforge.net/projects/phpmycms/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/phpmycms/phpmycms-0.3.zip
RFI Info:
File: tmp/phpmycms-0.3/phpmycms/basic.inc.php
Line: 3
Vuln Code: include ($basepath_start.'/config.inc.php');

(found with version 0.2 – 2979 projects processed so far)

 

RFI (0.2): Public Media Manager September 14, 2007

Filed under: RFI — arfis @ 4:02 am

Project Name: Public Media Manager
Project Link: http://sourceforge.net/projects/pmm-cms/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/pmm-cms/pmm-cms_1.3.tar.gz
RFI Info:
File: tmp/pmm-cms_1.3.ta/NewsCMS/news/newstopic_inc.php
Line: 2
Vuln Code: if (!empty($indir)) include_once ($indir)."/newsdb/config.php";

(found with version 0.2 – 2962 projects processed so far)

 

RFI (0.2): ezConvert: phpBB ezBoard converter September 14, 2007

Filed under: RFI — arfis @ 3:48 am

Project Name: ezConvert: phpBB ezBoard converter
Project Link: http://sourceforge.net/projects/ezboard-conv/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/ezboard-conv/ezconvert-0.2.tar.gz
RFI Info:
File: tmp/ezconvert-0.2.ta/ezconvert/config.php
Line: 24
Vuln Code: include ($ezconvert_dir . 'ezboard-parse.' . $phpEx);

(found with version 0.2 – 2884 projects processed so far)

 

RFI (0.2): eXtremePHP September 14, 2007

Filed under: RFI — arfis @ 3:45 am

Project Name: eXtremePHP
Project Link: http://sourceforge.net/projects/extremephp/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/extremephp/eXtremePHP-0.15a.tar.gz
RFI Info:
File: tmp/eXtremePHP-0.15a.ta/html/layout/SingleLineLayout.class.php
Line: 13
Vuln Code: require_once( $DOCUMENT_ROOT . 'lib/html/layout/GridLayout.class.php' );

File: tmp/eXtremePHP-0.15a.ta/io/_FileUploader.test.php
Line: 17
Vuln Code: require( $DOCUMENT_ROOT . '/phpunit/phpunit.php' );

(found with version 0.2 – 2863 projects processed so far)

 

RFI (0.2): PHP-Personals September 14, 2007

Filed under: RFI — arfis @ 3:38 am

Project Name: PHP-Personals
Project Link: http://sourceforge.net/projects/phppersonals1/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/phppersonals1/php-personals-0.1.tar.gz
RFI Info:
File: tmp/php-personals-0.1.ta/PHP-Personals/forum/includes/topic_review.php
Line: 95
Vuln Code: include($phpbb_root_path . 'includes/page_header.'.$phpEx);

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/init.php
Line: 47
Vuln Code: include($GALLERY_BASEDIR . "platform/fs_win32.php");

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/util.php
Line: 84
Vuln Code: include($GALLERY_BASEDIR . "layout/commentdraw.inc");

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/edit_thumb.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . "init.php");

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/progress_uploading.php
Line: 34
Vuln Code:

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/modify_user.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . "init.php");

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/errors/configmode.php
Line: 1
Vuln Code:

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/errors/needinit.php
Line: 1
Vuln Code:

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/errors/unconfigured.php
Line: 1
Vuln Code:

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/errors/reconfigure.php
Line: 1
Vuln Code:

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/delete_photo.php
Line: 33
Vuln Code: require($GALLERY_BASEDIR . "init.php");

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/resize_photo.php
Line: 34
Vuln Code:

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/edit_caption.php
Line: 35
Vuln Code: require($GALLERY_BASEDIR . "init.php");

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/rotate_photo.php
Line: 34
Vuln Code:

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/do_command.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . "init.php");

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/edit_appearance.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . "init.php");

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/gallery_remote.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . "init.php");

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/highlight_photo.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . "init.php");

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/edit_field.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . "init.php");

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/albums.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . "init.php");

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/sort_album.php
Line: 34
Vuln Code:

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/add_photos.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . "init.php");

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/delete_album.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . "init.php");

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/save_photos.php
Line: 34
Vuln Code:

(found with version 0.2 – 2808 projects processed so far)

RFI (0.2): php.pogoworld.co.uk September 14, 2007

Filed under: RFI — arfis @ 3:28 am

Project Name: php.pogoworld.co.uk
Project Link: http://sourceforge.net/projects/flipper/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/flipper/Flipper-Poll-v1.1.0.tar.gz
RFI Info:
File: tmp/Flipper-Poll-v1.1.0.ta/poll.php
Line: 20
Vuln Code: include_once($root_path . 'config.php');

(found with version 0.2 – 2737 projects processed so far)

RFI (0.2): BC ImageServer September 14, 2007

Filed under: RFI — arfis @ 3:26 am

Project Name: BC ImageServer
Project Link: http://sourceforge.net/projects/bciserv/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/bciserv/bciserv-0.2.tar.gz
RFI Info:
File: tmp/bciserv-0.2.ta/bciserv/includes/config/security_up.php
Line: 21
Vuln Code: include($root_path.'/includes/classes/class.security.php');

File: tmp/bciserv-0.2.ta/bciserv/includes/config/db_up.php
Line: 21
Vuln Code: include ($root_path.'/includes/classes/adodb/adodb.inc.php');

(found with version 0.2 – 2727 projects processed so far)

RFI (0.2): Portal for Clan and Game Communities September 14, 2007

Filed under: RFI — arfis @ 3:19 am

Project Name: Portal for Clan and Game Communities
Project Link: http://sourceforge.net/projects/clansportal/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/clansportal/kernel_v0.9.6.zip
RFI Info:
File: tmp/kernel_v0.9.6/v0.9.6/forum/includes/topic_review.php
Line: 95
Vuln Code: include($phpbb_root_path . 'includes/page_header.'.$phpEx);

(found with version 0.2 – 2681 projects processed so far)

RFI (0.2): PKTorrent Lister/Crawler September 14, 2007

Filed under: RFI — arfis @ 3:19 am

Project Name: PKTorrent Lister/Crawler
Project Link: http://sourceforge.net/projects/pktorrents/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/pktorrents/pktorrents_PKTv0.1beta.zip
RFI Info:
File: tmp/pktorrents_PKTv0.1beta/pktorrents/admin/bbclone/lib/selectlang.php
Line: 17
Vuln Code: if (is_readable($BBC_LIB_PATH."html.php")) require_once($BBC_LIB_PATH."html.php");

(found with version 0.2 – 2677 projects processed so far)

RFI (0.2): PHP Project Management September 14, 2007

Filed under: RFI — arfis @ 3:16 am

Project Name: PHP Project Management
Project Link: http://sourceforge.net/projects/php-pm/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/php-pm/release-0.8.tar.gz
RFI Info:
File: tmp/release-0.8.ta/release-0.8/ajax/loadsplash.php
Line: 2
Vuln Code: include ($full_path."/ajax/lang/".$def_lang."/loadsplash.php");

File: tmp/release-0.8.ta/release-0.8/modules/contacts/index.php
Line: 9
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/service/index.php
Line: 4
Vuln Code: include ($full_path."/modules/projects/lang/".$def_lang."/labels.php");

File: tmp/release-0.8.ta/release-0.8/modules/log/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/messages/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/reports/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/reports/new.php
Line: 44
Vuln Code: include ($full_path."/modules/".$module."/reports/rep_".$rep_id.".php");

File: tmp/release-0.8.ta/release-0.8/modules/snf/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/files/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/projects/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/projects/list.php
Line: 2
Vuln Code: include ($full_path."/modules/".$module."/details.php");

File: tmp/release-0.8.ta/release-0.8/modules/projects/summary.inc.php
Line: 4
Vuln Code: include ($full_path."/modules/".$m_path."/lang/".$def_lang."/summary.php");

File: tmp/release-0.8.ta/release-0.8/modules/info/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/phones/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/history/index.php
Line: 2
Vuln Code: include ($full_path."/modules/".$module."/".$def_lang."/history.php");

File: tmp/release-0.8.ta/release-0.8/modules/syslog/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/groupadm/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/mail/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/tasks/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/tasks/searchsimilar.php
Line: 2
Vuln Code: include ($full_path."/modules/tasks/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/tasks/details.php
Line: 197
Vuln Code: include ($full_path."/modules/files/list.php");

File: tmp/release-0.8.ta/release-0.8/modules/tasks/list.php
Line: 249
Vuln Code: if ( $subop == "detail" ) include ($full_path."/modules/".$module."/details.php");

File: tmp/release-0.8.ta/release-0.8/modules/tasks/summary.inc.php
Line: 4
Vuln Code: include ($full_path."/modules/".$m_path."/lang/".$def_lang."/summary.php");

File: tmp/release-0.8.ta/release-0.8/modules/search/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/emails/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/useradm/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/fax/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/presence/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/presence/view.php
Line: 159
Vuln Code: include ($full_path."/modules/".$module."/details.php");

File: tmp/release-0.8.ta/release-0.8/modules/organizations/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/organizations/list.php
Line: 11
Vuln Code: include ($full_path."/modules/".$module."/details.php");

File: tmp/release-0.8.ta/release-0.8/modules/events/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/modules/certinfo/index.php
Line: 3
Vuln Code: include ($full_path."/modules/".$module."/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/include/loginform.php
Line: 9
Vuln Code: include ($full_path."/lang/".$def_lang."/loginform.php");

File: tmp/release-0.8.ta/release-0.8/modules/files/list.php
Line: 2
Vuln Code: require ($full_path."/modules/files/lang/".$def_lang."/general.php");

File: tmp/release-0.8.ta/release-0.8/blocks/help.php
Line: 2
Vuln Code: require ($full_path."/blocks/lang/".$def_lang."/help.php");

File: tmp/release-0.8.ta/release-0.8/blocks/birthday.php
Line: 2
Vuln Code: require ($full_path."/blocks/lang/".$def_lang."/birthday.php");

File: tmp/release-0.8.ta/release-0.8/blocks/events.php
Line: 2
Vuln Code: require ($full_path."/blocks/lang/".$def_lang."/events.php");

(found with version 0.2 – 2658 projects processed so far)

RFI (0.2): Multi-lingual E-Commerce System September 14, 2007

Filed under: RFI — arfis @ 3:02 am

Project Name: Multi-lingual E-Commerce System
Project Link: http://sourceforge.net/projects/mlecsphp/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/mlecsphp/generic-shop-0.2.tar.gz
RFI Info:
File: tmp/generic-shop-0.2.ta/inc/cat-EN.php
Line: 4
Vuln Code: include_once($include_path.'/classes/Category.class');

File: tmp/generic-shop-0.2.ta/inc/checkout1-EN.php
Line: 2
Vuln Code: include_once($include_path.'/classes/Country.class');

File: tmp/generic-shop-0.2.ta/inc/basket-EN.php
Line: 10
Vuln Code: include_once($include_path.'/classes/Product.class');

File: tmp/generic-shop-0.2.ta/inc/prod-EN.php
Line: 4
Vuln Code: include_once($include_path.'/classes/Product.class');

File: tmp/generic-shop-0.2.ta/inc/checkout2-EN.php
Line: 2
Vuln Code: include_once( $include_path .'/classes/Address.class');

File: tmp/generic-shop-0.2.ta/inc/left_panel.php
Line: 4
Vuln Code: include_once($include_path.'/classes/Category.class');

(found with version 0.2 – 2550 projects processed so far)

RFI (0.2): EclipseBB September 14, 2007

Filed under: RFI — arfis @ 2:48 am

Project Name: EclipseBB
Project Link: http://sourceforge.net/projects/eclipsebb/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/eclipsebb/EclipseBB_0.5.0_Lite.zip
RFI Info:
File: tmp/EclipseBB_0.5.0_Lite/0.5.0/0.5.0/includes/topic_review.php
Line: 106
Vuln Code: include($phpbb_root_path . 'includes/page_header.'.$phpEx);

File: tmp/EclipseBB_0.5.0_Lite/0.5.0/0.5.0/includes/functions.php
Line: 25
Vuln Code: include_once( $phpbb_root_path . './includes/functions_categories_hierarchy.' . $phpEx );

(found with version 0.2 – 2461 projects processed so far)