arfis

automated Remote File Inclusion search

RFI (0.2): Gizzar September 13, 2007

Filed under: RFI — arfis @ 11:58 pm

Project Name: Gizzar
Project Link: http://sourceforge.net/projects/gizzar/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/gizzar/gizzar-03162002.tar.gz
RFI Info:
File: tmp/gizzar-03162002.ta/gizzar/index.php
Line: 2
Vuln Code: include_once($basePath.”include/config.php”);

File: tmp/gizzar-03162002.ta/gizzar/group-docs/admin/menu.php
Line: 2
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/group-docs/admin/welcome.php
Line: 2
Vuln Code: include_once($basePath.”include/dbobject.php”);

File: tmp/gizzar-03162002.ta/gizzar/group-docs/admin/body.php
Line: 2
Vuln Code: include_once($basePath.”/include/group.php”);

File: tmp/gizzar-03162002.ta/gizzar/group-docs/default/menu.php
Line: 2
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/group-docs/default/welcome.php
Line: 2
Vuln Code: include_once($basePath.”include/dbobject.php”);

File: tmp/gizzar-03162002.ta/gizzar/services/profile_form.php
Line: 2
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/services/edit_group.php
Line: 2
Vuln Code: include_once($basePath.”include/group.php”);

File: tmp/gizzar-03162002.ta/gizzar/services/delete_group.php
Line: 2
Vuln Code: include_once($basePath.”include/group.php”);

File: tmp/gizzar-03162002.ta/gizzar/services/groups.php
Line: 2
Vuln Code: include_once($basePath.”include/group.php”);

File: tmp/gizzar-03162002.ta/gizzar/services/profile_update.php
Line: 2
Vuln Code: include_once($basePath.”include/user.php”);

File: tmp/gizzar-03162002.ta/gizzar/services/group_form.php
Line: 2
Vuln Code: include_once($basePath.”include/group.php”);

File: tmp/gizzar-03162002.ta/gizzar/services/delete_user.php
Line: 2
Vuln Code: include_once($basePath.”include/user.php”);

File: tmp/gizzar-03162002.ta/gizzar/services/modules.php
Line: 2
Vuln Code: include_once($basePath.”include/user.php”);

File: tmp/gizzar-03162002.ta/gizzar/services/users.php
Line: 2
Vuln Code: include_once($basePath.”include/user.php”);

File: tmp/gizzar-03162002.ta/gizzar/services/edit_user.php
Line: 2
Vuln Code: include_once($basePath.”include/user.php”);

File: tmp/gizzar-03162002.ta/gizzar/services/user_form.php
Line: 2
Vuln Code: include_once($basePath.”include/user.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/News/index.php
Line: 2
Vuln Code: include_once($basePath.”modules/$moduleName/config.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/News/view.php
Line: 2
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/News/post.php
Line: 2
Vuln Code: include_once($basePath.”include/db.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/News/install.php
Line: 2
Vuln Code: include_once($basePath.”include/module.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/News/uninstall.php
Line: 2
Vuln Code: include_once($basePath.”include/module.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/News/searchResult.php
Line: 2
Vuln Code: include_once($basePath.”include/config.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/News/main.php
Line: 2
Vuln Code: include_once($basePath.”modules/$moduleName/config.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/News/config_main.php
Line: 5
Vuln Code: include_once($basePath.”modules/$moduleName/config.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/News/delete.php
Line: 5
Vuln Code: include_once($basePath.”include/db.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/News/edit.php
Line: 2
Vuln Code: include_once($basePath.”include/db.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/News/searchForm.php
Line: 2
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/News/newsForm.php
Line: 2
Vuln Code: include_once($basePath.”include/db.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/index.php
Line: 2
Vuln Code: include_once($basePath.”include/module.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/setup_step8.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/setup_step2.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalPortfolioUpload.php
Line: 3
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalProduction.php
Line: 3
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalEditTerms.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/setup_step1.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalChecklistSave.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/setup_step5.php
Line: 10
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalFinalDelivery.php
Line: 3
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/searchResult.php
Line: 2
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalEditPaymentSchedule.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/setup_step4.php
Line: 7
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalCancel.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalView.php
Line: 15
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/setup_step3.php
Line: 9
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalEditIntellectualProperty.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalChecklist.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/main.php
Line: 2
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalPreflight.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalViewPreFlight.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalSave.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalFinalComp.php
Line: 3
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalEditGeneralInfo.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/setup_step7.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalFinalCompSave.php
Line: 2
Vuln Code: include_once($basePath.”modules/$moduleName/config.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/setup_step9.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalProductionSend.php
Line: 2
Vuln Code: include_once($basePath.”modules/$moduleName/config.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalSpecs.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalEditSpecialNotes.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalFinalDeliverySave.php
Line: 2
Vuln Code: include_once($basePath.”modules/$moduleName/config.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/setup_step6.php
Line: 7
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/setup_finished.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalPortfolioSave.php
Line: 2
Vuln Code: include_once($basePath.”modules/$moduleName/config.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalEditOccurrences.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/admin/proposalEditCustInfo.php
Line: 5
Vuln Code: include_once($basePath.”themes/$theme/makeBox.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/install.php
Line: 2
Vuln Code: include_once($basePath.”include/module.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/uninstall.php
Line: 2
Vuln Code: include_once($basePath.”include/module.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/config_main.php
Line: 5
Vuln Code: include_once($basePath.”modules/$moduleName/config.php”);

File: tmp/gizzar-03162002.ta/gizzar/include/backup.php
Line: 2
Vuln Code: include_once($basePath.”include/config.php”);

File: tmp/gizzar-03162002.ta/gizzar/include/module.php
Line: 2
Vuln Code: include_once($basePath.”include/dbobject.php”);

File: tmp/gizzar-03162002.ta/gizzar/include/cart.php
Line: 2
Vuln Code: include_once($basePath.”include/dbobject.php”);

File: tmp/gizzar-03162002.ta/gizzar/include/dbobject.php
Line: 2
Vuln Code: include_once($basePath.”include/db.php”);

File: tmp/gizzar-03162002.ta/gizzar/include/group.php
Line: 2
Vuln Code: include_once($basePath.”include/dbobject.php”);

File: tmp/gizzar-03162002.ta/gizzar/include/db.php
Line: 2
Vuln Code: include_once ($basePath.”include/config.php”);

File: tmp/gizzar-03162002.ta/gizzar/include/user.php
Line: 2
Vuln Code: include_once($basePath.”include/dbobject.php”);

File: tmp/gizzar-03162002.ta/gizzar/themes/gizzar/searchResult.php
Line: 5
Vuln Code: include_once($basePath.”include/db.php”);

File: tmp/gizzar-03162002.ta/gizzar/themes/gizzar/login.php
Line: 2
Vuln Code: include_once($basePath.”include/config.php”);

File: tmp/gizzar-03162002.ta/gizzar/themes/gizzar/header.php
Line: 2
Vuln Code: include_once($basePath.”include/config.php”);

File: tmp/gizzar-03162002.ta/gizzar/themes/gizzar/body.php
Line: 2
Vuln Code: include_once($basePath.”include/config.php”);

File: tmp/gizzar-03162002.ta/gizzar/themes/gizzar/makeSearchResult.php
Line: 5
Vuln Code: include_once($basePath.”include/db.php”);

File: tmp/gizzar-03162002.ta/gizzar/group-docs/default/body.php
Line: 15
Vuln Code:

File: tmp/gizzar-03162002.ta/gizzar/modules/News/config_module.php
Line: 3
Vuln Code: require_once($basePath.”modules/$moduleName/config_main.php”);

File: tmp/gizzar-03162002.ta/gizzar/modules/Proposals/config_module.php
Line: 3
Vuln Code: require_once($basePath.”modules/$moduleName/config_main.php”);

File: tmp/gizzar-03162002.ta/gizzar/themes/gizzar/welcome.php
Line: 3
Vuln Code: require_once($basePath.”themes/$theme/”.$group->fields[‘name’].”_welcome.php”);

(found with version 0.2 – 1263 projects processed so far)