arfis

automated Remote File Inclusion search

RFI (0.2): O – OpenSource GroupWare September 14, 2007

Filed under: RFI — arfis @ 4:09 am

Project Name: O – OpenSource GroupWare
Project Link: http://sourceforge.net/projects/osgw/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/osgw/osgw-31052004-027.tar.bz2
RFI Info:
File: tmp/osgw-31052004-027.tar/osgw/osgw/config/data/o_timezones.php
Line: 12
Vuln Code: include($root_dir .”/config/tz_list.php”);

File: tmp/osgw-31052004-027.tar/osgw/osgw/config/data/o_countries.php
Line: 14
Vuln Code: require($root_dir .”/config/country_list.php”);

(found with version 0.2 – 3010 projects processed so far)