I must be missing what you are saying to replace 1234 with, as I didnt get
anything but errors.
However,
Deactivating the module only would not be sufficient as the module itself is
still accessible.
I would say that if you want to secure it completely, either remove it from
the modules, or rename it to something unique so that it cant be found.
----- Original Message -----
From: "rkc" <rkc (at) uncompiled (dot) com [email concealed]>
To: <bugtraq (at) securityfocus (dot) com [email concealed]>
Sent: Wednesday, March 26, 2003 6:47 PM
Subject: PostNuke Sensitive Information Disclosure
> Title: PostNuke path disclosure, and... (db name).
> Version: 0.7.2.3-Phoenix (other)
> Problem:
>
> A vulnerability have been found in Postnuke (v0.7.2.3-Phoenix) which allow
> users to determine the physical path of this cms.
>
> This vulnerability would allow a remote user to determine the full path to
> the web root directory and other information, like the database name (!)
>
>
> Example:
>
>
http://www.target.com/modules.php?op=modload&name=Members_List&file=inde
x&le
> tter=All&sortby=uname1234
>
> Change 1234 by anything.
>
>
> -----
>
> If you are looking for:
>
> * Path disclosure in 0.7.2.2 & 0.7.2.1 v:
> (Two simples examples)
>
> http://www.target.com/modules.php?op=modload&name=Stats&file=
>
>
http://www.target.com/modules.php?op=modload&name=Members_List&file=inde
x&le
> tter=Svi&sortby=uname1234
>
> (Change 1234 by anything).
>
> (not.always)
>
> -----
>
> Solutions:
>
> Change the Member_List privileges, for admin's only (?)
> Deactivate the Member_List module (?)
>
> -----
>
>
> Greetz !
>
>
> rkc
>
> ~
> Rep. Argentina
> 6765656B207374796C65
> StFU, and RtFM !
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.463 / Virus Database: 262 - Release Date: 3/17/2003
anything but errors.
However,
Deactivating the module only would not be sufficient as the module itself is
still accessible.
I would say that if you want to secure it completely, either remove it from
the modules, or rename it to something unique so that it cant be found.
----- Original Message -----
From: "rkc" <rkc (at) uncompiled (dot) com [email concealed]>
To: <bugtraq (at) securityfocus (dot) com [email concealed]>
Sent: Wednesday, March 26, 2003 6:47 PM
Subject: PostNuke Sensitive Information Disclosure
> Title: PostNuke path disclosure, and... (db name).
> Version: 0.7.2.3-Phoenix (other)
> Problem:
>
> A vulnerability have been found in Postnuke (v0.7.2.3-Phoenix) which allow
> users to determine the physical path of this cms.
>
> This vulnerability would allow a remote user to determine the full path to
> the web root directory and other information, like the database name (!)
>
>
> Example:
>
>
http://www.target.com/modules.php?op=modload&name=Members_List&file=inde
x&le
> tter=All&sortby=uname1234
>
> Change 1234 by anything.
>
>
> -----
>
> If you are looking for:
>
> * Path disclosure in 0.7.2.2 & 0.7.2.1 v:
> (Two simples examples)
>
> http://www.target.com/modules.php?op=modload&name=Stats&file=
>
>
http://www.target.com/modules.php?op=modload&name=Members_List&file=inde
x&le
> tter=Svi&sortby=uname1234
>
> (Change 1234 by anything).
>
> (not.always)
>
> -----
>
> Solutions:
>
> Change the Member_List privileges, for admin's only (?)
> Deactivate the Member_List module (?)
>
> -----
>
>
> Greetz !
>
>
> rkc
>
> ~
> Rep. Argentina
> 6765656B207374796C65
> StFU, and RtFM !
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.463 / Virus Database: 262 - Release Date: 3/17/2003
[ reply ]