PostNuke < 0.726 Phoenix - Multiple Vulnerabilities

PostNuke < 0.726 Phoenix – Multiple Vulnerabilities

漏洞ID 1054348 漏洞类型
发布时间 2004-01-03 更新时间 2004-01-03
图片[1]-PostNuke < 0.726 Phoenix - Multiple Vulnerabilities-安全小百科CVE编号 N/A
图片[2]-PostNuke < 0.726 Phoenix - Multiple Vulnerabilities-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/43795
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
PostNuke Multiple Vulnerabilities

Vendor: PostNuke
Product: PostNuke
Version: <= 0.726 Phoenix
Website: http://www.postnuke.com

BID: 7047 

Description:
PostNuke is a popular Open Source CMS (Content Management System) used by millions of people all across the world. 

SQL Injection Vulnerability:
SQL Injection is possible by passing unexpected data to the "sortby" variable in the "members_list" module. This vulnerability may allow an attacker to manipulate queries as well as view the full physical path of the PostNuke installation. This is due to user input of the "sortby" variable not being properly sanitized. 

modules.php?op=modload&name=Members_List&file=index&letter=All&sortby=[Evil_Query] 

Cross Site Scripting:
XSS is possible via the download module by injecting HTML or Script into the "ttitle" variable when viewing the details of an item for download. Example: 

name=Downloads&file=index&req=viewdownloaddetails&lid=[VLID]&ttitle=">[CODE] 

[VLID] = Should be the valid id number of a file for download.
[CODE] = Any script or HTML etc. 

Solution:
An update has been released regarding the SQL Injection vulnerability. The XSS vuln however will not be fixed until future releases of PostNuke as it is really not possible to Hijack a users PostNuke session using a stolen session ID, thus limiting the chances of this being harmful to any users or administrators. Much respect to the PostNuke Dev team and especially Andreas Krapohl aka larsneo for being very prompt and professional about issuing a fix for this immediately. The fixed may be obtained from the official PostNuke website at http://www.postnuke.com 

http://lists.postnuke.com/pipermail/postnuke-security/2004q1/000001.html 

Credits:
James Bercegay of the GulfTech Security Research Team.

相关推荐: SmoothWall Encrypted Password Hash World Read Vulnerability

SmoothWall Encrypted Password Hash World Read Vulnerability 漏洞ID 1102619 漏洞类型 Configuration Error 发布时间 2002-01-15 更新时间 2002-01-15 …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享