PostNuke Unauthenticated User Login Vulnerability

The attacker must base64-encode a string containing the malformed User ID, Username and Password combination. The unencoded string has the following format (with USERID and USERNAME replaced appropriately):

USERID:USERNAME:' or uname='USERNAME

This encoded string would then be passed to the article.php script by requesting a URL of the following form (this could be trivially accomplished from a web browser):

http://targethost/article.php?save=1&sid=20&cookieusrtime=160000&user=USERID:encodedstring

Here, encodedstring is the previously described base64-encoded string. Base64 encoding can be trivially accomplished with any of a number of simple utilities.
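
For reviewing web server logs for this request pattern, the following added example (not part of the original advisory) decodes the user parameter and flags any decoded USERID:USERNAME:PASSWORD string that contains a single quote. The user id 2, the name exampleuser and all function names are constructed for illustration; the check accepts the base64 string either alone or after a USERID: prefix, which goes slightly beyond the single URL form shown above.

```python
import base64
import binascii
from urllib.parse import urlsplit, parse_qs

def decode_candidates(value):
    """Base64-decode the whole value and the part after its last ':'."""
    value = value.replace(" ", "+")  # parse_qs turns '+' into a space
    for cand in (value, value.rsplit(":", 1)[-1]):
        padded = cand + "=" * (-len(cand) % 4)
        try:
            raw = base64.b64decode(padded, validate=True)
        except (binascii.Error, ValueError):
            continue  # not base64, e.g. the value still holds a ':'
        yield raw.decode("utf-8", "replace")

def suspicious_user_param(url):
    """Return the decoded user string if it carries a quote, else None."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for value in query.get("user", []):
        for decoded in decode_candidates(value):
            # Page format: USERID:USERNAME:PASSWORD, three ':'-separated fields
            if len(decoded.split(":", 2)) == 3 and "'" in decoded:
                return decoded
    return None

def scan(urls):
    """Return (url, decoded) pairs for every flagged request."""
    pairs = ((u, suspicious_user_param(u)) for u in urls)
    return [(u, d) for u, d in pairs if d is not None]

def _sample(decoded):
    """Constructed fixture: a request URL in the page's format."""
    enc = base64.b64encode(decoded.encode()).decode()
    return ("http://targethost/article.php?save=1&sid=20"
            "&cookieusrtime=160000&user=2:" + enc)

# Constructed inputs (user id 2 and the name exampleuser are made up)
BAD_URL = _sample("2:exampleuser:' or uname='exampleuser")
GOOD_URL = _sample("2:exampleuser:0123456789abcdef")
SAMPLES = [GOOD_URL, BAD_URL, "http://targethost/article.php?sid=20"]

if __name__ == "__main__":
    for url, decoded in scan(SAMPLES):
        print("FLAG", decoded, "<-", url)
```
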


 

Copyright 2010, SecurityFocus