arfis

automated Remote File Inclusion search

RFI (0.2): PHP-Personals September 14, 2007

Filed under: RFI — arfis @ 3:38 am

Project Name: PHP-Personals
Project Link: http://sourceforge.net/projects/phppersonals1/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/phppersonals1/php-personals-0.1.tar.gz
RFI Info:
File: tmp/php-personals-0.1.ta/PHP-Personals/forum/includes/topic_review.php
Line: 95
Vuln Code: include($phpbb_root_path . ‘includes/page_header.’.$phpEx);

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/init.php
Line: 47
Vuln Code: include($GALLERY_BASEDIR . “platform/fs_win32.php”);

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/util.php
Line: 84
Vuln Code: include($GALLERY_BASEDIR . “layout/commentdraw.inc”);

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/edit_thumb.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . “init.php”);

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/progress_uploading.php
Line: 34
Vuln Code:

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/modify_user.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . “init.php”);

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/errors/configmode.php
Line: 1
Vuln Code:

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/errors/needinit.php
Line: 1
Vuln Code:

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/errors/unconfigured.php
Line: 1
Vuln Code:

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/errors/reconfigure.php
Line: 1
Vuln Code:

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/delete_photo.php
Line: 33
Vuln Code: require($GALLERY_BASEDIR . “init.php”);

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/resize_photo.php
Line: 34
Vuln Code:

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/edit_caption.php
Line: 35
Vuln Code: require($GALLERY_BASEDIR . “init.php”);

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/rotate_photo.php
Line: 34
Vuln Code:

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/do_command.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . “init.php”);

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/edit_appearance.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . “init.php”);

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/gallery_remote.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . “init.php”);

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/highlight_photo.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . “init.php”);

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/edit_field.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . “init.php”);

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/albums.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . “init.php”);

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/sort_album.php
Line: 34
Vuln Code:

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/add_photos.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . “init.php”);

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/delete_album.php
Line: 34
Vuln Code: require($GALLERY_BASEDIR . “init.php”);

File: tmp/php-personals-0.1.ta/PHP-Personals/gallery/save_photos.php
Line: 34
Vuln Code:

(found with version 0.2 – 2808 projects processed so far)