arfis

automated Remote File Inclusion search

RFI (0.2): php Site Manager September 14, 2007

Filed under: RFI — arfis @ 12:26 am

Project Name: php Site Manager
Project Link: http://sourceforge.net/projects/phpsitemanager/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/phpsitemanager/phpSiteManager-Beta2.zip
RFI Info:
File: tmp/phpSiteManager-Beta2/index.php
Line: 29
Vuln Code: include ($server_root . ‘common.php’);

File: tmp/phpSiteManager-Beta2/page.php
Line: 29
Vuln Code: include ($server_root . ‘common.php’);

File: tmp/phpSiteManager-Beta2/edit_page.php
Line: 29
Vuln Code: include ($server_root . ‘common.php’);

File: tmp/phpSiteManager-Beta2/search.php
Line: 29
Vuln Code: include ($server_root . ‘common.php’);

File: tmp/phpSiteManager-Beta2/login.php
Line: 29
Vuln Code: include ($server_root . ‘common.php’);

File: tmp/phpSiteManager-Beta2/add_page.php
Line: 29
Vuln Code: include ($server_root . ‘common.php’);

File: tmp/phpSiteManager-Beta2/logout.php
Line: 29
Vuln Code: include ($server_root . ‘common.php’);

File: tmp/phpSiteManager-Beta2/delete_page.php
Line: 29
Vuln Code: include ($server_root . ‘common.php’);

(found with version 0.2 – 1456 projects processed so far)