PostNuke 0.760-RC4b=>x Multiple vulnerabilities

PostNuke 0.760-RC4b=>x Multiple vulnerabilities

漏洞ID 1053314 漏洞类型
发布时间 2005-09-30 更新时间 2005-09-30
图片[1]-PostNuke 0.760-RC4b=>x Multiple vulnerabilities-安全小百科CVE编号 CVE-2005-2689


CVE-2005-2690

图片[2]-PostNuke 0.760-RC4b=>x Multiple vulnerabilities-安全小百科CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2005090047
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
[Multiple vulnerabilities in PostNuke 0.760-RC4b=>x cXIb8O3.15]

Author: Maksymilian Arciemowicz ( cXIb8O3 )
Date: 22.8.2005
from SECURITYREASON.COM

- --- 0.Description ---

PostNuke: The Phoenix Release (0.750)

PostNuke is an open source, open developement content management system
(CMS). PostNuke started as a fork from PHPNuke (http://www.phpnuke.org) and
provides many enhancements and improvements over the PHP-Nuke system. PostNuke
is still undergoing development but a large number of core functions are now
stabilising and a complete API for third-party developers is now in place.
If you would like to help develop this software, please visit our homepage
at http://noc.postnuke.com/
You can also visit us on our IRC Server irc.postnuke.com channel
#postnuke-support
#postnuke-chat
#postnuke
Or at the Community Forums located at:
http://forums.postnuke.com/


- --- 1. Sql injection in Download ---

This sql injection is non critical because exploit works only with admin rights (mysql).

The problem is in "modules/Downloads/dl-viewdownload.php".

- --------
if ($show!="") {
$perpage = $show;
} else {
$show=$perpage;
}
...
$result =& $dbconn->SelectLimit($sql,$perpage,$min);
- --------

varible $perpage.

So
http://[HOST]/[DIR]/index.php?name=Downloads&req=viewdownload&cid=1&show=[SQL%20INJECTION]

- --- 2. XSS ---

2.0 http://[HOST]/[DIR]/index.php?module=Comments&req=moderate&moderate=<center><h1>xss

2.1 http://cxib.server/PostNuke-0.760-RC4b/html/user.php?op=edituser&htmltext=<h1>xss

- --- 3. How to fix ---

Download the new version of the script or update.


- --- 4.Contact ---
Author: Maksymilian Arciemowicz 

相关推荐: Captaris Infinite Mobile Delivery Webmail 2.6 – Full Path Disclosure

Captaris Infinite Mobile Delivery Webmail 2.6 – Full Path Disclosure 漏洞ID 1054876 漏洞类型 发布时间 2005-01-29 更新时间 2005-01-29 CVE编号 N/A C…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享