-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've found similar deficiencies in other "vulnerabilities" listed by inj3ct0r sh3ll. Justin C. Klein Keane http://www.MadIrish.net The digital signature on this message can be confirmed using the public key at http://www.madirish.net/gpgkey On 05/03/2010 04:39 PM, Tom Walsh - lists wrote: > Both variables ($app_path and $puntal_path) are defined in the index.php > file. As such they will never be overridden when the variables are passed > via POST or GET. POST and GET variables are populated and placed into the > global scope before the page is processed by the PHP processor engine > (assuming register globals is enabled, which it hasn't been in a default PHP > install in a long time). > > Line 29 of index.php: $app_path = '/'; > Line 41 of index.php: $puntal_path = dirname(__FILE__).$app_path; > > Additionally the following line (Line 43 of Index.php) calls a function > specifically designed to unregister global variables in the global scope of > the application. > > This is not an exploit. Never was. > > Nothing to see here... Move along. > >> -----Original Message----- >> From: eidelweiss@xxxxxxxxxxxxxxxxx [mailto:eidelweiss@xxxxxxxxxxxxxxxxx] >> Sent: Monday, May 03, 2010 1:10 PM >> To: bugtraq@xxxxxxxxxxxxxxxxx >> Subject: Puntal (index.php) Remote File Inclusion Vulnerabilities >> >> Puntal could allow a remote attacker to include malicious PHP files. A > remote >> attacker could send a specially-crafted URL request to the "index.php" > script >> using the "app_path=" OR "puntal_path=" parameter to specify a malicious > PHP >> file from a remote system, which would allow the attacker to execute > arbitrary >> code on the vulnerable system. >> >> Puntal 2.1.0 is vulnerable; other versions may also be affected. >> >> An attacker can exploit these issues via a browser. >> >> -=[P0C]=- >> >> http://127.0.0.1//path/index.php?app_path= [inj3ct0r sh3ll] >> or >> http://127.0.0.1//path/index.php?puntal_path= [inj3ct0r sh3ll > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iPwEAQECAAYFAkvgVk8ACgkQkSlsbLsN1gC7HAb9FX3dMwlXSrXnnKboL9Bvy4Ty S5xqbRUNFLVd06PmedXZ/Rx8OmFWR8YZpsLE39PZ+ri1hX8huQDFBm301iMFU+Q9 UeyiIBkra6jlf/WgSu5ZIFecHvd/GOU36rluV8CYSJhxoFh69UxihYSA9II2DeVv nJIR1WAGeo0QJs4liaIoUE6YR6wy7ZEAg8/MLcR8RKlnQc3xyY0s0KIZ56TuFOUk olKsvQBg3Wsw1DvPiOT5bdoOcXQjDr4ism/WUvZk1mub/g1Vlwj+d7mw61zuBp8v eJjHF8pyQ+U4awRp5Rc= =PoyY -----END PGP SIGNATURE-----
