Puntal (index.php) Remote File Inclusion Vulnerabilities May 03 2010 06:10PM
eidelweiss cyberservices com (1 replies)
RE: Puntal (index.php) Remote File Inclusion Vulnerabilities May 03 2010 08:39PM
Tom Walsh - lists (mailinglist expresshosting net) (1 replies)
Re: Puntal (index.php) Remote File Inclusion Vulnerabilities May 04 2010 05:15PM
Justin C. Klein Keane (justin madirish net)

I've found similar deficiencies in other "vulnerabilities" listed by
inj3ct0r sh3ll.

Justin C. Klein Keane

The digital signature on this message can be confirmed
using the public key at http://www.madirish.net/gpgkey

On 05/03/2010 04:39 PM, Tom Walsh - lists wrote:
> Both variables ($app_path and $puntal_path) are defined in the index.php
> file. As such they will never be overridden when the variables are passed
> via POST or GET. POST and GET variables are populated and placed into the
> global scope before the page is processed by the PHP processor engine
> (assuming register globals is enabled, which it hasn't been in a default PHP
> install in a long time).
> Line 29 of index.php: $app_path = '/';
> Line 41 of index.php: $puntal_path = dirname(__FILE__).$app_path;
> Additionally the following line (Line 43 of Index.php) calls a function
> specifically designed to unregister global variables in the global scope of
> the application.
> This is not an exploit. Never was.
> Nothing to see here... Move along.
>> -----Original Message-----
>> From: eidelweiss (at) cyberservices (dot) com [mailto:eidelweiss (at) cyberservices (dot) com]
>> Sent: Monday, May 03, 2010 1:10 PM
>> To: bugtraq (at) securityfocus (dot) com
>> Subject: Puntal (index.php) Remote File Inclusion Vulnerabilities
>> Puntal could allow a remote attacker to include malicious PHP files. A remote
>> attacker could send a specially-crafted URL request to the "index.php" script
>> using the "app_path=" OR "puntal_path=" parameter to specify a malicious
>> file from a remote system, which would allow the attacker to execute arbitrary
>> code on the vulnerable system.
>> Puntal 2.1.0 is vulnerable; other versions may also be affected.
>> An attacker can exploit these issues via a browser.
>> -=[P0C]=-
>> [inj3ct0r sh3ll]
>> or
>> [inj3ct0r sh3ll
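Added example, not part of the thread and not Puntal's code: a PHP sketch of the triage argument in the quoted reply, showing why a variable the script assigns itself cannot carry a request value into an include path even with register_globals on. Assumptions: `extract()` stands in for register_globals, the request values and the `include/common.php` target are constructed placeholders, and the function names are hypothetical.

```php
<?php
// Added illustration, not Puntal's code. extract() stands in for
// register_globals, which was removed from PHP in 5.4.

// Constructed request carrying the two parameters named in the advisory.
$request = array(
    'app_path'    => 'http://remote.example/',
    'puntal_path' => 'http://remote.example/',
);

// Pattern described in the reply: request values land in scope first,
// then the script assigns both variables itself.
function path_when_assigned_in_script(array $request)
{
    extract($request);                            // register_globals import
    $app_path    = '/';                           // index.php line 29, as quoted
    $puntal_path = dirname(__FILE__) . $app_path; // index.php line 41, as quoted
    return $puntal_path . 'include/common.php';   // hypothetical include target
}

// Contrast case: the script never assigns the variable, so whatever the
// request imported is still there when the include path is built.
function path_when_never_assigned(array $request)
{
    extract($request);
    $base = isset($puntal_path) ? $puntal_path : '';
    return $base . 'include/common.php';
}

// True when the path starts with a URL scheme, i.e. the request chose it.
function is_request_controlled($path)
{
    return (bool) preg_match('#^[a-z][a-z0-9+.-]*://#i', $path);
}

$cases = array(
    'assigned in script' => path_when_assigned_in_script($request),
    'never assigned'     => path_when_never_assigned($request),
);
foreach ($cases as $label => $path) {
    $verdict = is_request_controlled($path) ? 'request-controlled' : 'fixed by script';
    printf("%-20s %-50s %s\n", $label, $path, $verdict);
}
```

When reviewing an inclusion report of this kind, the check is whether every variable in the include path is assigned by the script on all code paths before the include runs.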


Copyright 2010, SecurityFocus