BugTraq
Re: LuckyBot v3 Remote File Include Dec 26 2006 11:33PM
Stuart Moore (smoore bugtraq securityglobal net)
Hi,

> www.Example.com/[Lucky]/run.php?dir=SHELL?&file=
> www.Example.com/[Lucky]/classes/ircbot.class.php?dir=SHELL?&file=

In 'run.php', the include statement ( include_once $dir . $file; ) is
within a function:

include_dir($dir)

It appears that the function is never called with user-controllable input.

In 'classes/ircbot.class.php', the include statement ( include $dir .
$file ."/plugin.php"; ) is also within a function:

load_plugins($dir)

Again, it appears that the function is never called with
user-controllable input.

Did you test this?

Stuart

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus