arfis

automated Remote File Inclusion search

RFI (0.2): phpDynaSite

September 14, 2007

Filed under: RFI — arfis @ 12:49 am

Project Name: phpDynaSite
Project Link: http://sourceforge.net/projects/phpdynasite/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/phpdynasite/dynasite3.2.2.tar.gz
RFI Info:
File: tmp/dynasite3.2.2.ta/dynasite/function_balise_url.php
Line: 13
Vuln Code: @require_once($racine."function_replace_emoticons.php");

File: tmp/dynasite3.2.2.ta/dynasite/diary/classes/db_delete.php
Line: 3
Vuln Code: require_once($GLOBALS[classpath].'/db_read.php');

File: tmp/dynasite3.2.2.ta/dynasite/diary/classes/rdv_extended.php
Line: 6
Vuln Code: require_once($GLOBALS[classpath].'/rdv.php');

File: tmp/dynasite3.2.2.ta/dynasite/diary/classes/db_select.php
Line: 8
Vuln Code: require_once($GLOBALS[classpath].'/db_connect.php');

File: tmp/dynasite3.2.2.ta/dynasite/diary/classes/db_update.php
Line: 2
Vuln Code: require_once($GLOBALS[classpath].'/db_read.php');

File: tmp/dynasite3.2.2.ta/dynasite/diary/classes/db_insert.php
Line: 6
Vuln Code: require_once($GLOBALS[classpath].'/db_read.php');

File: tmp/dynasite3.2.2.ta/dynasite/diary/classes/to_db.php
Line: 6
Vuln Code: require($GLOBALS[path].'/config.php');

File: tmp/dynasite3.2.2.ta/dynasite/diary/classes/event.php
Line: 64
Vuln Code: require($GLOBALS[path]."/config.php");

File: tmp/dynasite3.2.2.ta/dynasite/diary/classes/week.php
Line: 7
Vuln Code: require($GLOBALS[path].'/config.php');

File: tmp/dynasite3.2.2.ta/dynasite/diary/classes/diary.php
Line: 12
Vuln Code: require($GLOBALS[path].'/config.php');

File: tmp/dynasite3.2.2.ta/dynasite/diary/classes/small_diary.php
Line: 11
Vuln Code: require($GLOBALS[path].'config.php');

File: tmp/dynasite3.2.2.ta/dynasite/setup/default_lib.php
Line: 10
Vuln Code: require($racine."connection.php");

File: tmp/dynasite3.2.2.ta/dynasite/connection.php
Line: 15
Vuln Code: include($racine."settings/connection.php");

File: tmp/dynasite3.2.2.ta/dynasite/function_log.php
Line: 20
Vuln Code: if($connection!="loaded") { include($racine."connection.php"); }

(found with version 0.2 – 1610 projects processed so far)