Re: LuckyBot v3 Remote File Include

Hi,

> www.Example.com/[Lucky]/run.php?dir=SHELL?&file=
> www.Example.com/[Lucky]/classes/ircbot.class.php?dir=SHELL?&file=

In 'run.php', the include statement ( include_once $dir . $file; ) is within a function:

  include_dir($dir)

It appears that the function is never called with user-controllable input.

In 'classes/ircbot.class.php', the include statement ( include $dir . $file ."/plugin.php"; ) is also within a function:

  load_plugins($dir)

Again, it appears that the function is never called with user-controllable input.

Did you test this?

Stuart
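
Added example, not part of the message above and not LuckyBot's own code: a rough Python triage script for the check the reply describes, which finds functions containing a variable-path include and then looks at what their call sites actually pass. The PHP snippets are constructed stand-ins (`contrast.php`, `load_page`, `start()` and `plugin_dir` are hypothetical), and the matching is regex-based and heuristic.

```python
import re

# Constructed stand-ins for illustration; NOT the real LuckyBot source.
SAMPLE = {
    "run.php": "<?php\n"
        "function include_dir($dir) {\n"
        "    foreach (scandir($dir) as $file) { include_once $dir . $file; }\n"
        "}\n"
        "include_dir('classes/');\n",
    "ircbot.class.php": "<?php\n"
        "class ircbot {\n"
        "    function load_plugins($dir) {\n"
        "        foreach (scandir($dir) as $file) { include $dir . $file . '/plugin.php'; }\n"
        "    }\n"
        "    function start() { $this->load_plugins($this->plugin_dir); }\n"
        "}\n",
    "contrast.php": "<?php\n"  # hypothetical file where request input does reach the include
        "function load_page($page) { include $page . '.php'; }\n"
        "load_page($_GET['page']);\n",
}

FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)\s*\{")
INCLUDE_RE = re.compile(r"\b(?:include|require)(?:_once)?\b[^;]*\$\w+")
TAINT_RE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")

def functions_with_dynamic_include(src):
    """Names of functions whose body includes a path built from a variable."""
    names = []
    for m in FUNC_RE.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:  # naive brace matching, ignores strings
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        if INCLUDE_RE.search(src[m.end():i]):
            names.append(m.group(1))
    return names

def classify(sources):
    """Map each such function to a verdict based on its call-site arguments."""
    verdicts = {}
    for src in sources.values():
        for name in functions_with_dynamic_include(src):
            # A call ends in ");" and never spans a brace, so definitions are skipped.
            call_re = re.compile(r"\b%s\s*\(([^;{}]*)\)\s*;" % re.escape(name))
            args = [a for s in sources.values() for a in call_re.findall(s)]
            verdicts[name] = ("request input reaches include" if any(TAINT_RE.search(a) for a in args)
                else "variable argument, trace further" if any("$" in a for a in args)
                else "constant arguments only" if args else "never called")
    return verdicts
```

A "variable argument, trace further" verdict means the argument's origin still has to be followed by hand before the include can be called reachable or not.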
