TeleTrust sidesteps a local file inclusion

“TeleTrust” is an it-security association in germany, which describes itself as a network for people from the industry, management and science. We discovered there a very low-hanging security issue.

While we were checking out their website we realzied it used “Typo3”. We knew there was an Exploit already that could be used, in a worst case scenario, to execute a local file inclusion. That said we took a more detailed look towards that issue. Fortunatly the requiremens for a local file inclusion was not yet given. It only sufficed for a information disclosure which disclosed the full path to the executed script. Even though security is always the goal it cannot always been totally achieved.

If the security breach had existed, it would have granted us acces to the complete system. That incident is especially embarrasing as a matter of fact that the company is suppossed to be an expert for Internet Security. We eventually informed the admin about that issue. Shortly after (about 3 days) we recived a notification that the issue had been addressed and fixed.

We are glad we were able to help and to close another case.


A screenshot of the full path disclosure at