arfis

automated Remote File Inclusion search

RFI (0.2): Web Wrench/DOOM CMS September 14, 2007

Filed under: RFI — arfis @ 1:16 am

Project Name: Web Wrench/DOOM CMS
Project Link: http://sourceforge.net/projects/webwrench/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/webwrench/webwrench-1.1.186.zip
RFI Info:
File: tmp/webwrench-1.1.186/webwrench-1.1/engine/exec/startup.inc.php
Line: 13
Vuln Code: include($server_root.”exec/server.inc.php”);

File: tmp/webwrench-1.1.186/webwrench-1.1/engine/exec/page.inc.php
Line: 8
Vuln Code: include($server_root.”exec/gui.inc.php”);

(found with version 0.2 – 1802 projects processed so far)