Re: PostNuke Bugged

[Scott <rootkidd () email com>]

In-Reply-To: <20020322183112.26906.qmail () mail securityfocus com>

Hi, 

 Rootkidd seem to have made a mistake, excuse 
haste in post, the version should have been .7.0.3 
rather than 7.0.3   ;)  Decimalisation was not my 
strongest point.

 An update to this post, it seems that even their 
newer .7.10 version is vulnerable to css and csrf 
bugs in some manner or another, a mere 
manipulation of the URL post is all that is needed.

 There are a few more similar site module posts to 
make which will come after the developers have 
contacted or had a reasonable time to fix.


-rootkidd
Read, Learn, Share the knowledge


> Received: (qmail 4662 invoked from network); 22 
Mar 2002 22:28:16 -0000
> Received: from outgoing3.securityfocus.com 
(HELO outgoing.securityfocus.com) (66.38.151.27)
>  by mail.securityfocus.com with SMTP; 22 Mar 
2002 22:28:16 -0000
> Received: from lists.securityfocus.com 
(lists.securityfocus.com [66.38.151.19])
>       by outgoing.securityfocus.com (Postfix) 
with QMQP
>       id B98BCA535D; Fri, 22 Mar 2002 
14:14:01 -0700 (MST)
> Mailing-List: contact bugtraq-
help () securityfocus com; run by ezmlm
> Precedence: bulk
> List-Id: <bugtraq.list-id.securityfocus.com>
> List-Post: <mailto:bugtraq () securityfocus com>
> List-Help: <mailto:bugtraq-
help () securityfocus com>
> List-Unsubscribe: <mailto:bugtraq-
unsubscribe () securityfocus com>
> List-Subscribe: <mailto:bugtraq-
subscribe () securityfocus com>
> Delivered-To: mailing list 
bugtraq () securityfocus com
> Delivered-To: moderator for 
bugtraq () securityfocus com
> Received: (qmail 22689 invoked from network); 22 
Mar 2002 18:29:11 -0000
> Date: 22 Mar 2002 18:31:12 -0000
> Message-ID: <2002032