Bugtraq mailing list archives
Re: Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities
From: "Steven M. Christey" <coley () mitre org>
Date: Thu, 15 Jun 2006 02:26:37 -0400 (EDT)
SpC-x said:
# Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities ... # if ($lang == "eng") { # include ("$direct/lang_eng.txt"); # } elseif ($lang =="ita") { # include ("$direct/lang_ita.txt");
However, looking at the source code as available on http://scripts.ringsworld.com/chat-scripts/amr-talkbox/ , with source files dated May 2005 and earlier, we have: $direct = "languages"; //---> The folder/directory that contain the language kits. if ($lang == "eng") { include ("$direct/lang_eng.txt"); } elseif ($lang =="ita") { include ("$direct/lang_ita.txt"); } in other words - not exploitable. - Steve
Current thread:
- Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities SpC-x (Jun 13)
- <Possible follow-ups>
- Re: Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities Steven M. Christey (Jun 15)