Intro.
What is PostNuke ?
PostNuke is a weblog/Content Management System (CMS).
It is far more secure and stable than competing products.
Home Page: http://www.postnuke.com
&&
A vulnerability have been found in Postnuke (v0.7.2.3-Phoenix & prior)
which allow users to determine the physical path of this cms.
This vulnerability would allow a remote user to determine the full path to
the web root directory.
Example:
http://www.[target-website].com/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=
Error:
Fatal error: Call to a member function on a non-object in
/the/full/path/public_html/modules/Sections/index.php on line 238
Cheers,
rkc
--
Rep. Argentina
6765656B207374796C65
StFU, and RtFM !
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
