Bugtraq mailing list archives
Re: PostNuke Bugged
From: Scott <rootkidd () email com>
Date: 22 Mar 2002 23:41:33 -0000
In-Reply-To: <20020322183112.26906.qmail () mail securityfocus com> Hi, Rootkidd seem to have made a mistake, excuse haste in post, the version should have been .7.0.3 rather than 7.0.3 ;) Decimalisation was not my strongest point. An update to this post, it seems that even their newer .7.10 version is vulnerable to css and csrf bugs in some manner or another, a mere manipulation of the URL post is all that is needed. There are a few more similar site module posts to make which will come after the developers have contacted or had a reasonable time to fix. -rootkidd Read, Learn, Share the knowledge
Received: (qmail 4662 invoked from network); 22
Mar 2002 22:28:16 -0000
Received: from outgoing3.securityfocus.com
(HELO outgoing.securityfocus.com) (66.38.151.27)
by mail.securityfocus.com with SMTP; 22 Mar
2002 22:28:16 -0000
Received: from lists.securityfocus.com
(lists.securityfocus.com [66.38.151.19])
by outgoing.securityfocus.com (Postfix)
with QMQP
id B98BCA535D; Fri, 22 Mar 2002
14:14:01 -0700 (MST)
Mailing-List: contact bugtraq-
help () securityfocus com; run by ezmlm
Precedence: bulk List-Id: <bugtraq.list-id.securityfocus.com> List-Post: <mailto:bugtraq () securityfocus com> List-Help: <mailto:bugtraq-
help () securityfocus com>
List-Unsubscribe: <mailto:bugtraq-
unsubscribe () securityfocus com>
List-Subscribe: <mailto:bugtraq-
subscribe () securityfocus com>
Delivered-To: mailing list
bugtraq () securityfocus com
Delivered-To: moderator for
bugtraq () securityfocus com
Received: (qmail 22689 invoked from network); 22
Mar 2002 18:29:11 -0000
Date: 22 Mar 2002 18:31:12 -0000 Message-ID: <2002032
Current thread:
- PostNuke Bugged Scott (Mar 22)
- <Possible follow-ups>
- Re: PostNuke Bugged Scott (Mar 22)