arfis

automated Remote File Inclusion search

RFI (0.2): Multi-lingual E-Commerce System September 14, 2007

Filed under: RFI — arfis @ 3:02 am

Project Name: Multi-lingual E-Commerce System
Project Link: http://sourceforge.net/projects/mlecsphp/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/mlecsphp/generic-shop-0.2.tar.gz
RFI Info:
File: tmp/generic-shop-0.2.ta/inc/cat-EN.php
Line: 4
Vuln Code: include_once($include_path.’/classes/Category.class’);

File: tmp/generic-shop-0.2.ta/inc/checkout1-EN.php
Line: 2
Vuln Code: include_once($include_path.’/classes/Country.class’);

File: tmp/generic-shop-0.2.ta/inc/basket-EN.php
Line: 10
Vuln Code: include_once($include_path.’/classes/Product.class’);

File: tmp/generic-shop-0.2.ta/inc/prod-EN.php
Line: 4
Vuln Code: include_once($include_path.’/classes/Product.class’);

File: tmp/generic-shop-0.2.ta/inc/checkout2-EN.php
Line: 2
Vuln Code: include_once( $include_path .’/classes/Address.class’);

File: tmp/generic-shop-0.2.ta/inc/left_panel.php
Line: 4
Vuln Code: include_once($include_path.’/classes/Category.class’);

(found with version 0.2 – 2550 projects processed so far)