arfis

automated Remote File Inclusion search

RFI (0.2): Content*Builder September 14, 2007

Filed under: RFI — arfis @ 4:44 am

Project Name: Content*Builder
Project Link: http://sourceforge.net/projects/content-builder/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/content-builder/cb_071.zip
RFI Info:
File: tmp/cb_071/libraries/comment/insertComment.php
Line: 3
Vuln Code: include_once($path[cb].”lib/CB_bb_code_parser.class.php”);

File: tmp/cb_071/contentbuilder/plugins/article2/article.inc.php
Line: 25
Vuln Code: include_once($cbDirLib.”CB_sext_rp.class.php”);

File: tmp/cb_071/modules/headline/showHeadline.inc.php
Line: 3
Vuln Code: include_once($rel.”libraries/BTPL_functions.inc.php”);

File: tmp/cb_071/modules/headline/headlineBox.php
Line: 3
Vuln Code: include_once($rel.”libraries/BTPL_functions.inc.php”);

File: tmp/cb_071/modules/shoutbox/shoutBox.php
Line: 5
Vuln Code: include_once($rel.”libraries/BTPL_functions.inc.php”);

File: tmp/cb_071/modules/article2/fullarticle.inc.php
Line: 2
Vuln Code: include_once($rel.”libraries/BTPL_functions.inc.php”);

File: tmp/cb_071/modules/article2/overview.inc.php
Line: 2
Vuln Code: include_once($rel.”libraries/BTPL_functions.inc.php”);

File: tmp/cb_071/modules/article/fullarticle.inc.php
Line: 2
Vuln Code: include_once($rel.”libraries/BTPL_functions.inc.php”);

File: tmp/cb_071/modules/article/overview.inc.php
Line: 3
Vuln Code: include_once($rel.”libraries/BTPL_functions.inc.php”);

File: tmp/cb_071/modules/guestbook/guestbook.inc.php
Line: 5
Vuln Code: include_once($rel.”libraries/BTPL_functions.inc.php”);

File: tmp/cb_071/modules/download/detailView.inc.php
Line: 3
Vuln Code: include_once($rel.”libraries/BTPL_functions.inc.php”);

File: tmp/cb_071/modules/download/overview.inc.php
Line: 3
Vuln Code: include_once($rel.”libraries/BTPL_functions.inc.php”);

File: tmp/cb_071/contentbuilder/plugins/forum/forum.inc.php
Line: 2
Vuln Code: include($pluginLocation.’/plugin.config’);

File: tmp/cb_071/contentbuilder/plugins/col_man/colModify.inc.php
Line: 221
Vuln Code: include($pluginLocation.”/colRightAdmin.inc.php”);

File: tmp/cb_071/contentbuilder/plugins/media_manager/mediaTree.inc.php
Line: 58
Vuln Code: include($cbDirSystem.”fileTree.class.php”);

File: tmp/cb_071/contentbuilder/plugins/media_manager/mediaTypes.inc.php
Line: 19
Vuln Code: include($pluginLocation.”/mediaTypesGeneral.inc.php”);

File: tmp/cb_071/contentbuilder/plugins/article2/artOverview.inc.php
Line: 71
Vuln Code: include($cbDirLib.”pageSplit.class.php”);

File: tmp/cb_071/contentbuilder/plugins/article2/artModHead.inc.php
Line: 250
Vuln Code: include($pluginLocation.”/artAdd3.inc.php”);

File: tmp/cb_071/contentbuilder/plugins/article2/listXmlFiles.inc.php
Line: 2
Vuln Code: include($cbDirLib.”CB_pageSplit.class.php”);

File: tmp/cb_071/contentbuilder/plugins/article2/artAdd1.inc.php
Line: 300
Vuln Code: include($pluginLocation.”/artAdd3.inc.php”);

File: tmp/cb_071/contentbuilder/plugins/newsletter2/newsletter.inc.php
Line: 2
Vuln Code: include($pluginLocation.’/plugin.config’);

File: tmp/cb_071/contentbuilder/plugins/newsletter2/categoryDetail.inc.php
Line: 5
Vuln Code: include($cbDirLib.”CB_pageSplit.class.php”);

File: tmp/cb_071/contentbuilder/plugins/events/eventOverview.inc.php
Line: 50
Vuln Code: include($pluginLocation.”/calendar.inc.php”);

File: tmp/cb_071/contentbuilder/plugins/poll/poll.inc.php
Line: 2
Vuln Code: include($pluginLocation.’/plugin.config’);

File: tmp/cb_071/modules/shoutbox/insertEntry.inc.php
Line: 5
Vuln Code: include($rel.”libraries/comment/postComment.php”);

File: tmp/cb_071/modules/article2/comments.inc.php
Line: 14
Vuln Code: include($rel.”libraries/comment/postComment.php”);

File: tmp/cb_071/modules/article/comments.inc.php
Line: 14
Vuln Code: include($rel.”libraries/comment/postComment.php”);

File: tmp/cb_071/modules/guestbook/insertEntry.inc.php
Line: 7
Vuln Code: include($rel.”libraries/comment/postComment.php”);

File: tmp/cb_071/contentbuilder/plugins/article2/headlineManager.inc.php
Line: 5
Vuln Code: require_once($cbDirLib.”CB_pageSplit.class.php”);

File: tmp/cb_071/contentbuilder/plugins/article2/commentManager.inc.php
Line: 2
Vuln Code: require_once($cbDirLib.”CB_pageSplit.class.php”);

File: tmp/cb_071/contentbuilder/plugins/article2/artMultipleFolder.inc.php
Line: 2
Vuln Code: require_once($cbDirLib.”CB_NestedSet.class.php”);

File: tmp/cb_071/contentbuilder/plugins/user_managment/usrDetails.inc.php
Line: 2
Vuln Code: require_once($cbDirLib.”CB_user.class.php”);

File: tmp/cb_071/modules/forum/messageAddReply.inc.php
Line: 108
Vuln Code: require_once($actualModuleDir.”messagePost.inc.php”);

File: tmp/cb_071/modules/forum/messageAddThread.inc.php
Line: 34
Vuln Code: require_once($actualModuleDir.”messagePost.inc.php”);

File: tmp/cb_071/modules/forum/showThread.inc.php
Line: 16
Vuln Code: require_once($actualModuleDir.”plugins/views/default/showThread.inc.php”);

File: tmp/cb_071/modules/forum/messageEdit.inc.php
Line: 23
Vuln Code: require_once($actualModuleDir.”messagePost.inc.php”);

File: tmp/cb_071/modules/archive/overview.inc.php
Line: 2
Vuln Code: require_once($rel.”libraries/BTPL_functions.inc.php”);

(found with version 0.2 – 3248 projects processed so far)