arfis

automated Remote File Inclusion search

RFI (0.2): Webgolin September 13, 2007

Filed under: RFI — arfis @ 9:27 pm

Project Name: Webgolin
Project Link: http://sourceforge.net/projects/webgolin/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/webgolin/webgolin.zip
RFI Info:
File: tmp/webgolin/webgolin/contents.inc.php
Line: 8
Vuln Code: include_once($path.’/core/utils/HtmlForm.php’);

File: tmp/webgolin/webgolin/core/utils/HtmlCtrls.php
Line: 11
Vuln Code: include_once($path.’/core/utils/HtmlTable.php’);

File: tmp/webgolin/webgolin/core/utils/Translator.php
Line: 11
Vuln Code: include_once($path.”/core/data/DbTable.php”);

File: tmp/webgolin/webgolin/core/utils/HtmlForm.php
Line: 8
Vuln Code: include_once($path.’/core/connector/FormData.php’);

File: tmp/webgolin/webgolin/core/admin/Portfolio.php
Line: 8
Vuln Code: include_once($path.”/core/utils/HtmlTable.php”);

File: tmp/webgolin/webgolin/core/admin/DoLogin.php
Line: 10
Vuln Code: include_once($path.”/core/data/DbTable.php”);

File: tmp/webgolin/webgolin/core/admin/NewUser.php
Line: 10
Vuln Code: include_once($path.’/core/connector/ViewBase.php’);

File: tmp/webgolin/webgolin/core/data/AddUser.php
Line: 10
Vuln Code: include_once($path.”/core/data/DbTable.php”);

File: tmp/webgolin/webgolin/core/data/DbTable.php
Line: 9
Vuln Code: include_once($path.”/core/data/MyDb.php”);

File: tmp/webgolin/webgolin/core/Navigator.php
Line: 11
Vuln Code: include_once($path.’/core/admin/AccessCheck.php’);

File: tmp/webgolin/webgolin/mainmenu.php
Line: 2
Vuln Code: include_once($path.’/core/utils/Menu.php’);

File: tmp/webgolin/webgolin/home.php
Line: 11
Vuln Code: include_once($path.’/core/admin/AccessCheck.php’);

(found with version 0.2 – 333 projects processed so far)