Bugtraq mailing list archives

Re: Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities

From: "Steven M. Christey" <coley () mitre org>
Date: Thu, 15 Jun 2006 02:26:37 -0400 (EDT)


SpC-x said:

# Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities

...
# if ($lang == "eng") {
# include ("$direct/lang_eng.txt");
# } elseif ($lang =="ita") {
# include ("$direct/lang_ita.txt");



However, looking at the source code  as available on
http://scripts.ringsworld.com/chat-scripts/amr-talkbox/ , with source
files dated May 2005 and earlier, we have:


   $direct = "languages";                                                                       //--->  The 
folder/directory that contain the language kits.
   
   if ($lang == "eng") {
     include ("$direct/lang_eng.txt");
   } elseif ($lang =="ita") {
     include ("$direct/lang_ita.txt");
   }


in other words - not exploitable.


- Steve

Current thread:

Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities SpC-x (Jun 13)
- <Possible follow-ups>
- Re: Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities Steven M. Christey (Jun 15)