arfis

automated Remote File Inclusion search

RFI (0.2): GWAAU September 14, 2007

Filed under: RFI — arfis @ 2:13 am

Project Name: GWAAU
Project Link: http://sourceforge.net/projects/gwaau/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/gwaau/gwaau-RC2.tar.bz2
RFI Info:
File: tmp/gwaau-RC2.tar/gwaau/lostpass.php
Line: 3
Vuln Code: include($DOCUMENT_ROOT.’/login/pre.php’);

File: tmp/gwaau-RC2.tar/gwaau/changeemail.php
Line: 3
Vuln Code: include($DOCUMENT_ROOT.’/login/database.php’);

(found with version 0.2 – 2196 projects processed so far)