
Re: LuckyBot v3 Remote File Include

To: bugtraq@securityfocus.com
Subject: Re: LuckyBot v3 Remote File Include
From: Stuart Moore <smoore.bugtraq@securityglobal.net>
Date: Tue, 26 Dec 2006 18:33:52 -0500
Delivered-to: sp-com-lists@consult.net
Delivered-to: bugtraq-list@securepoint.com
Delivered-to: mailing list bugtraq@securityfocus.com
Delivered-to: moderator for bugtraq@securityfocus.com
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@securityfocus.com; run by ezmlm
User-agent: Thunderbird 1.5.0.9 (Windows/20061207)
Hi,

> www.Example.com/[Lucky]/run.php?dir=SHELL?&file=
> www.Example.com/[Lucky]/classes/ircbot.class.php?dir=SHELL?&file=

In 'run.php', the include statement ( include_once $dir . $file; ) is within a function:

  include_dir($dir)

It appears that the function is never called with user-controllable input.

In 'classes/ircbot.class.php', the include statement ( include $dir . $file ."/plugin.php"; ) is also within a function:

  load_plugins($dir)

Again, it appears that the function is never called with user-controllable input.

Did you test this?

Stuart
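
A small triage script, added here and not part of the original message or of LuckyBot, that automates the check described above: it lists the call sites of a named function and flags those whose argument is a request superglobal or a variable assigned from one. The embedded PHP is constructed for illustration (the function names follow the message; their bodies and call sites are assumed), and the tracing is regex-based and one hop only, so it is a first pass, not a substitute for reading the code.

```python
import re
# Request-bearing PHP superglobals (the usual sources of user-controllable input).
SUPERGLOBAL = re.compile(r'\$_(?:GET|POST|REQUEST|COOKIE|FILES)\b')

# Constructed PHP sample: function names follow the advisory, bodies and call sites are assumed.
SAMPLE_PHP = r"""<?php
function include_dir($dir) {
    foreach (glob($dir . '*.php') as $file) {
        include_once $dir . $file;
    }
}
function load_plugins($dir) {
    $file = 'default';
    include $dir . $file . "/plugin.php";
}
include_dir('plugins/');     // constant argument: not reachable from the request
$d = $_GET['dir'];
load_plugins($d);            // argument traced to $_GET: reachable
"""

def tainted_vars(source):
    """Names of variables assigned directly from a superglobal, e.g. $d = $_GET['dir']; (one hop only)."""
    return {m.group(1) for m in
            re.finditer(r'\$(\w+)\s*=[^=;]*?' + SUPERGLOBAL.pattern, source)}

def call_sites(source, func_name):
    """(line, argument_text) for each call of func_name; the 'function name(...)' definition is skipped."""
    sites = []
    for m in re.finditer(r'\b' + re.escape(func_name) + r'\s*\(([^()]*)\)', source):
        prefix = source[:m.start()]
        if re.search(r'function\s*$', prefix):
            continue  # definition, not a call
        sites.append((prefix.count('\n') + 1, m.group(1).strip()))
    return sites

def user_controllable_calls(source, func_name):
    """Call sites whose argument is a superglobal or a variable tainted by one."""
    tainted = tainted_vars(source)
    hits = []
    for line, arg in call_sites(source, func_name):
        direct = SUPERGLOBAL.search(arg) is not None
        via_var = any(v in tainted for v in re.findall(r'\$(\w+)', arg))
        if direct or via_var:
            hits.append((line, arg))
    return hits

if __name__ == "__main__":
    for func in ("include_dir", "load_plugins"):
        print(func, user_controllable_calls(SAMPLE_PHP, func) or "no user-controllable call found")
```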
