arfis

automated Remote File Inclusion search

RFI (0.2): Slacker September 14, 2007

Filed under: RFI — arfis @ 2:23 am

Project Name: Slacker
Project Link: http://sourceforge.net/projects/slacker/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/slacker/slacker-1.4.1.tar.gz
RFI Info:
File: tmp/slacker-1.4.1.ta/slacker/inc/inc/createcms.inc.php
Line: 9
Vuln Code: if(!defined(“REACTOR_INC_GLOBAL”)) { include($pathtohomedir.”inc/global.inc.php”); }

File: tmp/slacker-1.4.1.ta/slacker/inc/inc/linkadmin.inc.php
Line: 9
Vuln Code: if(!defined(“REACTOR_INC_GLOBAL”)) { include($pathtohomedir.”/inc/global.inc.php”); }

File: tmp/slacker-1.4.1.ta/slacker/inc/footer.inc.php
Line: 16
Vuln Code:

File: tmp/slacker-1.4.1.ta/slacker/slacker.inc/inc/createcms.inc.php
Line: 9
Vuln Code: if(!defined(“REACTOR_INC_GLOBAL”)) { include($pathtohomedir.”inc/global.inc.php”); }

File: tmp/slacker-1.4.1.ta/slacker/slacker.inc/inc/linkadmin.inc.php
Line: 9
Vuln Code: if(!defined(“REACTOR_INC_GLOBAL”)) { include($pathtohomedir.”/inc/global.inc.php”); }

(found with version 0.2 – 2284 projects processed so far)