Re: Trevorchan <= v0.7 Remote File Include Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Trevorchan <= v0.7 Remote File Include Vulnerability

Subject: Re: Trevorchan <= v0.7 Remote File Include Vulnerability
Date: Tue, 16 Jan 2007 23:45:13 +0100
From: Stefano Zanero <suppressed>

suppressed wrote:

> Script:Trevorchan v0.7

Fake vuln

> require_once($tc_config['rootdir']."/inc/functions.php");
> require_once($tc_config['rootdir']."/inc/encryption.php");

These vars are initialized in config.php, which is require-d by the
files you mention.

> Exploit: 

Obviously, you didn't care to test them.

PLEASE STOP REPORTING FAKE PHP VULNS.

Stefano

Prev by Date: [ GLSA 200701-12 ] Mono: Information disclosure
Next by Date: SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal
Previous by thread: [ GLSA 200701-12 ] Mono: Information disclosure
Next by thread: SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.