| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <001501c2f4c9$5d813d70$6101a8c0@ryoko> Date: Thu, 27 Mar 2003 20:28:40 -0500 From: "Kilmarac Jarov -" <kilmarac@...eaker.net> To: <bugtraq@...urityfocus.com> Subject: Re: PostNuke Sensitive Information Disclosure I must be missing what you are saying to replace 1234 with, as I didnt get anything but errors. However, Deactivating the module only would not be sufficient as the module itself is still accessible. I would say that if you want to secure it completely, either remove it from the modules, or rename it to something unique so that it cant be found. ----- Original Message ----- From: "rkc" <rkc@...ompiled.com> To: <bugtraq@...urityfocus.com> Sent: Wednesday, March 26, 2003 6:47 PM Subject: PostNuke Sensitive Information Disclosure > Title: PostNuke path disclosure, and... (db name). > Version: 0.7.2.3-Phoenix (other) > Problem: > > A vulnerability have been found in Postnuke (v0.7.2.3-Phoenix) which allow > users to determine the physical path of this cms. > > This vulnerability would allow a remote user to determine the full path to > the web root directory and other information, like the database name (!) > > > Example: > > http://www.target.com/modules.php?op=modload&name=Members_List&file=index&le > tter=All&sortby=uname1234 > > Change 1234 by anything. > > > ----- > > If you are looking for: > > * Path disclosure in 0.7.2.2 & 0.7.2.1 v: > (Two simples examples) > > http://www.target.com/modules.php?op=modload&name=Stats&file= > > http://www.target.com/modules.php?op=modload&name=Members_List&file=index&le > tter=Svi&sortby=uname1234 > > (Change 1234 by anything). > > (not.always) > > ----- > > Solutions: > > Change the Member_List privileges, for admin's only (?) > Deactivate the Member_List module (?) > > ----- > > > Greetz ! > > > rkc > > ~ > Rep. Argentina > 6765656B207374796C65 > StFU, and RtFM ! --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.463 / Virus Database: 262 - Release Date: 3/17/2003
Powered by blists - more mailing lists