TUCoPS :: Web :: General :: a6083.htm

PostNuke path disclosure
21th Mar 2003 [SBWID-6083]
COMMAND

	PostNuke path disclosure

SYSTEMS AFFECTED

	PostNuke Version: 0.7.2.3-Phoenix (other)

PROBLEM

	Thanks to rkc [rkc@uncompiled.com] advisory :
	
	A vulnerability have  been  found  in  Postnuke  which  allow  users  to
	determine the physical path of this cms.
	
	This vulnerability would allow a remote user to determine the full  path
	to the web root directory and other information, like the database  name
	(!)
	
	
	 Example:
	 ========
	
	http://www.target.com/modules.php?op=modload&name=Members_List&file=index&letter=All&sortby=uname1234
	
	Change 1234 by anything.
	
	If you are looking for:
	
	* Path disclosure in 0.7.2.2 & 0.7.2.1 v: (Two simples examples)
	
	http://www.target.com/modules.php?op=modload&name=Stats&file=
	
	http://www.target.com/modules.php?op=modload&name=Members_List&file=index&letter=Svi&sortby=uname1234
	
	(Change 1234 by anything).

SOLUTION

	Change the Member_List privileges, for admin's only (?)
	
	Deactivate the Member_List module (?)

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH