lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040102232020.3470.qmail@sf-www3-symnsj.securityfocus.com>
Date: 2 Jan 2004 23:20:20 -0000
From: JeiAr <security@...ftech.org>
To: bugtraq@...urityfocus.com
Subject: PostNuke Issues (0.726 && Possibly Older)




Vendor  : PostNuke
URL     : http://www.postnuke.com
Version : PostNuke 0.726 Phoenix && Older(??)
Risk    : SQL Injection && XSS



Description:
Postnuke is a popular Open Source CMS (Content Managment System) used
by millions of people all across the world. 



SQL Injection:
SQL Injection is possible by passing unexpected data to the "sortby" variable
in the "members_list" module. This vulnerability may allow an attacker to
manipulate queries as well as view the full physical path of the postnuke
installation. This is due to user input not being properly sanatized.



Cross Site Scripting:
XSS is possible via the download module by injecting HTML or Script into the 
"ttitle" variable when viewing the details of an item for download. Example:

name=Downloads&file=index&req=viewdownloaddetails&lid=[VID]&ttitle="><iframe>

Where [VID] is should be the valid id number of a file for download. 



Solution:
An update has been released regarding the SQL Injection vulnerability. The XSS
vuln however will not be fixed until future releases of PostNuke as it is really
not possible to HiJack a users postnuke session, thus limiting the chances of
this being harmful to any users or administrators. Much respect to the postnuke
Dev team and especially Andreas Krapohl aka larsneo for being very prompt and 
professional about issuing a fix for this immediately. The fixed may be obtained
from the official PostNuke website at http://www.postnuke.com



Credits:
Credits go to JeiAr of the GulfTech Security Research Team.
http://www.gulftech.org



Hope everyone had a good Christmas/Hanukkah/Kwanza and a Happy New Year :o)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ