arfis

automated Remote File Inclusion search

RFI (0.3): php(Reactor)

September 14, 2007

Filed under: RFI — arfis @ 5:36 pm

Project Name: php(Reactor)
Project Link: http://sourceforge.net/projects/phpreactor/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/phpreactor/phpreactor-1.2.7pl1.tar.gz
RFI Info:
File: tmp/phpreactor-1.2.7pl1.ta/phpreactor-1.2.7pl1/examples/ekilat.com-int.tpl.php
Line: 2
Vuln Code: if(!defined("REACTOR_INC_BBS")) { include($pathtohomedir."/inc/bbs.inc.php"); }

File: tmp/phpreactor-1.2.7pl1.ta/phpreactor-1.2.7pl1/examples/phpreactor.org-top.tpl.php
Line: 2
Vuln Code: if(!defined("REACTOR_INC_BBS")) { include($pathtohomedir."/inc/bbs.inc.php"); }

File: tmp/phpreactor-1.2.7pl1.ta/phpreactor-1.2.7pl1/examples/ekilat.com-top.tpl.php
Line: 2
Vuln Code: if(!defined("REACTOR_INC_BBS")) { include($pathtohomedir."/inc/bbs.inc.php"); }

(found with version 0.3 – 4147 projects processed so far)


RFI (0.3): PHPortal

Filed under: RFI — arfis @ 5:35 pm

Project Name: PHPortal
Project Link: http://sourceforge.net/projects/xpc/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/xpc/PHPortal_beta_v027.zip
RFI Info:
File: tmp/PHPortal_beta_v027/form/db_form/employee.php
Line: 4
Vuln Code: require($DOCUMENT_ROOT.'/form/db_form_o_model.php');

(found with version 0.3 – 4141 projects processed so far)

 

RFI (0.3): YaPiG – Yet Another PHP Image Gallery

Filed under: RFI — arfis @ 5:34 pm

Project Name: YaPiG – Yet Another PHP Image Gallery
Project Link: http://sourceforge.net/projects/yapig/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/yapig/yapig-0.95b.tar.gz
RFI Info:
File: tmp/yapig-0.95b.ta/yapig-0.95b/sample.php
Line: 10
Vuln Code: require_once($YAPIG_PATH .'last_gallery.php');

(found with version 0.3 – 4139 projects processed so far)

 

RFI (0.3): myphpPagetool

Filed under: RFI — arfis @ 5:12 pm

Project Name: myphpPagetool
Project Link: http://sourceforge.net/projects/myphppagetool/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/myphppagetool/myphpPagetool-0.4.3.tar.gz
RFI Info:
File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/index.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help6.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help9.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help3.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help1.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help4.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help8.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help5.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help2.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

File: tmp/myphpPagetool-0.4.3.ta/myphpPagetool/doc/admin/help7.php
Line: 2
Vuln Code: include ($ptinclude . "/pt_config.inc");

(found with version 0.3 – 4028 projects processed so far)

 

RFI (0.3): Webmedia Explorer

Filed under: RFI — arfis @ 5:10 pm

Project Name: Webmedia Explorer
Project Link: http://sourceforge.net/projects/webmex/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/webmex/Webmedia_Explorer_3_2_2.zip
RFI Info:
File: tmp/Webmedia_Explorer_3_2_2/wme/includes/core.lib.php
Line: 3
Vuln Code: include ( $path_include."int.class.php" );

File: tmp/Webmedia_Explorer_3_2_2/wme/includes/rss.class.php
Line: 3
Vuln Code: include ( $path_include."xdoc.class.php" );

File: tmp/Webmedia_Explorer_3_2_2/wme/templates/main.tpl.php
Line: 14
Vuln Code:

File: tmp/Webmedia_Explorer_3_2_2/wme/templates/folder_messages_link_message_name.tpl.php
Line: 7
Vuln Code: I_am_post () ) include ( $path_template."folder_messages_link_message_desc.tpl.php" ) ?>

File: tmp/Webmedia_Explorer_3_2_2/wme/templates/sidebar.tpl.php
Line: 7
Vuln Code: include ( $path_templates."dirs.tpl.php" );

(found with version 0.3 – 4016 projects processed so far)

 

RFI (0.3): Streamline PHP Media Server

Filed under: RFI — arfis @ 5:08 pm

Project Name: Streamline PHP Media Server
Project Link: http://sourceforge.net/projects/streamline/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/streamline/streamline-1.0-beta4.tar.gz
RFI Info:
File: tmp/streamline-1.0-beta4.ta/streamline-1.0-beta4/src/core/theme/includes/admin_footer.php
Line: 2
Vuln Code: require_once( $sl_theme_unix_path."/admin/footer.php" );

File: tmp/streamline-1.0-beta4.ta/streamline-1.0-beta4/src/core/theme/includes/info_footer.php
Line: 2
Vuln Code: require_once( $sl_theme_unix_path."/browse/info_footer.php" );

File: tmp/streamline-1.0-beta4.ta/streamline-1.0-beta4/src/core/theme/includes/theme_footer.php
Line: 2
Vuln Code: require_once( $sl_theme_unix_path."/common/footer.php" );

File: tmp/streamline-1.0-beta4.ta/streamline-1.0-beta4/src/core/theme/includes/browse_footer.php
Line: 2
Vuln Code: require_once( $sl_theme_unix_path."/browse/footer.php" );

File: tmp/streamline-1.0-beta4.ta/streamline-1.0-beta4/src/core/theme/includes/account_footer.php
Line: 2
Vuln Code: require_once( $sl_theme_unix_path."/account/footer.php" );

File: tmp/streamline-1.0-beta4.ta/streamline-1.0-beta4/src/core/theme/includes/search_footer.php
Line: 2
Vuln Code: require_once( $sl_theme_unix_path."/search/footer.php" );

(found with version 0.3 – 4005 projects processed so far)

 

RFI (0.3): pSlash

Filed under: RFI — arfis @ 4:42 pm

Project Name: pSlash
Project Link: http://sourceforge.net/projects/pslash/
Project DL: http://surfnet.dl.sourceforge.net/sourceforge/pslash/pslash-0.70.tar.gz
RFI Info:
File: tmp/pslash-0.70.ta/pslash-0.70/html/modules/visitors2/admin/view-archiver.inc.php
Line: 14
Vuln Code: include($lvc_admin_dir.'/archiver-export.inc.php');

File: tmp/pslash-0.70.ta/pslash-0.70/html/modules/visitors2/include/config.inc.php
Line: 33
Vuln Code: include($lvc_include_dir.'lang/english.inc.php');

File: tmp/pslash-0.70.ta/pslash-0.70/html/modules/visitors2/include/menus.inc.php
Line: 47
Vuln Code: include($lvc_include_dir.'/menus-'.$view.'.inc.php');

(found with version 0.3 – 3870 projects processed so far)