Bugtraq mailing list archives
Vulnerability in PostNuke
From: sni-labs () sni-labs com
Date: Wed, 22 Nov 2006 00:34:16 +0200
Error PostNuke in the variable stop which can be exploited by malicious people to disclose system information. Luckily the vulnerability affects to the 0.7.5.0 version and minors.
POC: http://www.[web-with-PostNuke].com/user.php?stop=a (no numeric value) Example: http://www.dev-postnuke.com/user.php?stop=a http://www.americavivetv.com/user.php?stop=a http://www.ciberpsique.net/user.php?stop=ahttp://www.bonsaiabm.com/user.php?stop=a http://www.elrincondejada.net/user.php?stop=a http://www.salsa.org.pl/user.php?stop=a http://www.choco.org/user.php?stop=a
by rMrGvG http://SNI-LABS.com since 1998 ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
Current thread:
- Vulnerability in PostNuke sni-labs (Nov 21)