BugTraq
Re: LuckyBot v3 Remote File Include
Dec 26 2006 11:33PM
Stuart Moore (smoore bugtraq securityglobal net)
Hi,
> www.Example.com/[Lucky]/run.php?dir=SHELL?&file=
> www.Example.com/[Lucky]/classes/ircbot.class.php?dir=SHELL?&file=
In 'run.php', the include statement ( include_once $dir . $file; ) is
within a function:
include_dir($dir)
It appears that the function is never called with user-controllable input.
In 'classes/ircbot.class.php', the include statement ( include $dir .
$file ."/plugin.php"; ) is also within a function:
load_plugins($dir)
Again, it appears that the function is never called with
user-controllable input.
Did you test this?
Stuart
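The thread turns on whether `$dir` in `load_plugins($dir)` can ever come from the request. The following is an added example, not LuckyBot's code, showing how a plugin loader of that shape can be written so the question no longer matters: the plugin name is allow-listed, the path is built from a fixed base, and the resolved path is checked before `include`. The constant name `PLUGIN_BASE`, the function names and the `plugins/<name>/plugin.php` layout are assumptions.

```php
<?php
// Added example (not from the LuckyBot project): a hardened loader for the
// "include $dir . $file . '/plugin.php'" pattern discussed in the thread.
// Assumed layout: every plugin lives at PLUGIN_BASE/<name>/plugin.php.

define('PLUGIN_BASE', __DIR__ . '/plugins');

function load_plugin_safely(string $name): bool
{
    // 1. Allow-list the plugin name: letters, digits, underscore, dash only.
    //    This rejects "..", "/", "http://", "php://" and null bytes outright,
    //    so no directory or URL can be smuggled in through the name.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $name)) {
        error_log('plugin loader: rejected name ' . var_export($name, true));
        return false;
    }

    // 2. Build the path from a fixed base; the caller never supplies $dir.
    $candidate = PLUGIN_BASE . '/' . $name . '/plugin.php';

    // 3. Canonicalise and confirm the resolved file is still under the base
    //    directory (covers symlinks inside the plugins tree pointing elsewhere).
    $real = realpath($candidate);
    $base = realpath(PLUGIN_BASE);
    if ($real === false || $base === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        error_log("plugin loader: path escapes plugin base: $candidate");
        return false;
    }

    include_once $real;
    return true;
}

// The call site the thread is asking about. Here the loader enumerates the
// plugin directory itself instead of taking a name from $_GET/$_REQUEST, so
// there is no user-controllable input on the path to the include at all.
function load_all_plugins(): array
{
    $loaded = [];
    foreach (glob(PLUGIN_BASE . '/*', GLOB_ONLYDIR) ?: [] as $dir) {
        $name = basename($dir);
        if (load_plugin_safely($name)) {
            $loaded[] = $name;
        }
    }
    return $loaded;
}
```

When auditing a report like the one above, the check is the same one Stuart describes: trace every call of the function that contains the `include` and confirm none of its arguments originate from `$_GET`, `$_POST`, `$_REQUEST` or `$_COOKIE`; a loader written as above passes that check by construction.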
Copyright 2010, SecurityFocus