SpC-x said:
> # Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities
>
> ...
> # if ($lang == "eng") {
> # include ("$direct/lang_eng.txt");
> # } elseif ($lang =="ita") {
> # include ("$direct/lang_ita.txt");
However, looking at the source code as available on
http://scripts.ringsworld.com/chat-scripts/amr-talkbox/ , with source
files dated May 2005 and earlier, we have:
$direct = "languages"; //---> The folder/directory that contain the language kits.
if ($lang == "eng") {
include ("$direct/lang_eng.txt");
} elseif ($lang =="ita") {
include ("$direct/lang_ita.txt");
}
in other words - not exploitable.
- Steve
