BugTraq
Re: Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities Jun 15 2006 06:26AM
Steven M. Christey (coley mitre org)

SpC-x said:

> # Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities
>
> ...
> # if ($lang == "eng") {
> # include ("$direct/lang_eng.txt");
> # } elseif ($lang =="ita") {
> # include ("$direct/lang_ita.txt");

However, looking at the source code as available on
http://scripts.ringsworld.com/chat-scripts/amr-talkbox/ , with source
files dated May 2005 and earlier, we have:

$direct = "languages"; //---> The folder/directory that contain the language kits.

if ($lang == "eng") {
include ("$direct/lang_eng.txt");
} elseif ($lang =="ita") {
include ("$direct/lang_ita.txt");
}

in other words - not exploitable.

- Steve

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus