GulfTech Computers - Professional Computer Services  
Additional Links
-> Dicussion Forum
-> Encryption Tools
-> Information Tools
-> Net Info Tools
-> Latest Advisories
-> Latest Vulns
-> Latest Win Software
-> Latest Nix Software
-> Security News
-> Security Press
Recent News

GulfTech Computers strives to beat the price(s) of any other business around. Check with us first as it just may save you some time and money. And who doesn't want to save money? Please contact us with any questions or inquiries.

Latest GulfTech Releases

SubScan v1.2 Scans a domain for DNS records and SubDomains. Very stealthy, and can be used to find many hosts not on the public netblock. A very interesting tool to say the least. Works on both Nix and Windows based systems. Get it now!

Download SubScan v1.2

Search GulfTech
You can use the form below to search our site. Just enter the keyword or keywords to search.
Latest Advisories
Debian Security Advisory - New Linux 2.4.18 packages fix local root exploit (powerpc+alpha) (DSA 417-1)
Slackware Security Advisory - Kernel security update (SSA:2004-006-01)
Debian Security Advisory - New fsp packages fix buffer overflow, directory traversal (DSA 416-1)
Debian Security Advisory - New zebra packages fix denial of service (DSA 415-1)
Debian Security Advisory - New jabber packages fix denial of service (DSA 414-1)
Latest Vulnerabilities
PHPgedview 2.61 Multiple Vulnerabilities
FirstClass Client 7.1 Remote Command Execution Vulnerability
Phorum 3.4.5 Multiple Vulnerabilities
vBulletin Forum 2.3.xx calendar.php SQL Injection
HotNews Arbitary File Inclusion Vulnerability
Latest Security News
MSN worm does rounds
Don't take passwords to the grave
Fear about reporting e-crime
Court ponders Web site-blocking law
Microsoft publishes program to blast MSBlast














Home About Services Knowledge WebPortal Contact Download Forum


Vulnerabilities In PostNuke 0.726 Phoenix
January 03, 2004


Vendor : PostNuke
URL : http://www.postnuke.com
Version : PostNuke 0.726 Phoenix && Older(??)
Risk : SQL Injection && XSS


Description:
PostNuke is a popular Open Source CMS (Content Management System) used by millions of people all across the world.


SQL Injection Vulnerability:
SQL Injection is possible by passing unexpected data to the "sortby" variable in the "members_list" module. This vulnerability may allow an attacker to manipulate queries as well as view the full physical path of the PostNuke installation. This is due to user input of the "sortby" variable not being properly sanitized.

modules.php?op=modload&name=Members_List&file=index&letter=All&sortby=[Evil_Query]


Cross Site Scripting:
XSS is possible via the download module by injecting HTML or Script into the "ttitle" variable when viewing the details of an item for download. Example:

name=Downloads&file=index&req=viewdownloaddetails&lid=[VLID]&ttitle=">[CODE]

[VLID] = Should be the valid id number of a file for download.
[CODE] = Any script or HTML etc.


Solution:
An update has been released regarding the SQL Injection vulnerability. The XSS vuln however will not be fixed until future releases of PostNuke as it is really not possible to Hijack a users PostNuke session using a stolen session ID, thus limiting the chances of this being harmful to any users or administrators. Much respect to the PostNuke Dev team and especially Andreas Krapohl aka larsneo for being very prompt and professional about issuing a fix for this immediately. The fixed may be obtained from the official PostNuke website at http://www.postnuke.com


Credits:
Credits go to JeiAr of the GulfTech Security Research Team.


Related Links:
http://lists.postnuke.com/pipermail/postnuke-security/2004q1/000001.html






© Copyright 2002 - GulfTech Computers, All Rights Reserved
Contact GulfTech Computers