arfis

automated Remote File Inclusion search

RFI (0.2): Gomba for PHP September 13, 2007

Filed under: RFI — arfis @ 9:51 pm

Project Name: Gomba for PHP
Project Link: http://sourceforge.net/projects/gomba-php/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/gomba-php/gomba-installer-0.3.2.tar.gz
RFI Info:
File: tmp/gomba-installer-0.3.2.ta/gomba-installer-0.32.3/env/sys/gomba/system/packageManager/Tools/PackageTool.php
Line: 14
Vuln Code: include_once($argv[$i+1] . ‘/gomba/Gomba.php’);

(found with version 0.2 – 496 projects processed so far)