arfis

automated Remote File Inclusion search

RFI (0.2): Extreme PHPBB September 14, 2007

Filed under: RFI — arfis @ 4:43 am

Project Name: Extreme PHPBB
Project Link: http://sourceforge.net/projects/extrememodphpbb/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/extrememodphpbb/extreme3.zip
RFI Info:
File: tmp/extreme3/extreme3/forum/includes/topic_review.php
Line: 124
Vuln Code: include($phpbb_root_path . ‘includes/page_header.’.$phpEx);

File: tmp/extreme3/extreme3/forum/includes/functions.php
Line: 36
Vuln Code: include_once( $phpbb_root_path . ‘./includes/functions_categories_hierarchy.’ . $phpEx );

File: tmp/extreme3/extreme3/forum/includes/functions_portal.php
Line: 22
Vuln Code: include_once($phpbb_root_path . ‘includes/lite.’.$phpEx);

(found with version 0.2 – 3241 projects processed so far)