<<< Date Index >>>     <<< Thread Index >>>

Re: Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities



SpC-x said:

> # Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities
>
> ...
> # if ($lang == "eng") {
> # include ("$direct/lang_eng.txt");
> # } elseif ($lang =="ita") {
> # include ("$direct/lang_ita.txt");


However, looking at the source code  as available on
http://scripts.ringsworld.com/chat-scripts/amr-talkbox/ , with source
files dated May 2005 and earlier, we have:


   $direct = "languages";                                                       
                //--->  The folder/directory that contain the language kits.
   
   if ($lang == "eng") {
     include ("$direct/lang_eng.txt");
   } elseif ($lang =="ita") {
     include ("$direct/lang_ita.txt");
   }


in other words - not exploitable.


- Steve