TCH-Thomas

Postnuke Multiple Vulnerabilities


Secunia writes

 

Description:

Maksymilian Arciemowicz has reported some vulnerabilities in PostNuke, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, and to bypass certain security restrictions.

 

1) It is possible to bypass the HTML tag filter implemented in "pnVarCleanFromInput()" and "pnAntiCracker()" via specially-crafted HTML tags.

 

Example:

 

2) Input passed to the "htmltext" parameter in user.php and to the "language" parameter in the NS-Languages module isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

 

Example:

http://[host]/user.php?op=edituser&htmltext=

http://[host]/admin.php?module=NS-Languages&op=missing&language=">[code]

http://[host]/admin.php?module=NS-Languages&op=translation&language=[code]

 

3) An access control error in admin.php can be exploited to access certain modules like NS-Languages and Banners without requiring admin privilege.

 

Example:

http://[host]/admin.php?module=NS-Languages

http://[host]/admin.php?module=Banners

 

4) Input passed to the "language" parameter in the NS-Languages module isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

 

Example:

http://[host]/admin.php?module=NS-Languages&op=missing&language=[sql]

 

Successful exploitation requires that "magic_quotes_gpc" is disabled.

 

The vulnerabilities have been reported in version 0.761 and prior.

 

Solution:

Update to version 0.762.

http://news.postnuke.com/Downloads-req-vie...load-cid-1.html
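A defender-side check for the request patterns listed in the advisory, as an added example that is not part of the original post or of PostNuke: it scans web access-log lines for the `module`, `language` and `htmltext` parameters named above. The log lines are constructed, and the combined log format and the allowlist of short alphabetic language codes are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate language identifiers are short alphabetic codes (e.g. "eng").
LANG_OK = re.compile(r"[A-Za-z]{2,8}")
# Request field of a combined-format access log: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r"[<>\"']")

# Constructed sample lines; the flagged values are the advisory's own placeholders, URL-encoded.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /admin.php?module=NS-Languages&op=missing&language=eng HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2006:10:00:05 +0000] "GET /admin.php?module=NS-Languages&op=missing&language=%22%3E%5Bcode%5D HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2006:10:00:09 +0000] "GET /admin.php?module=NS-Languages&op=missing&language=%5Bsql%5D HTTP/1.1" 200 512',
    '192.0.2.13 - - [01/Jan/2006:10:00:12 +0000] "GET /user.php?op=edituser&htmltext=%3Cb%3E HTTP/1.1" 200 512',
    '192.0.2.14 - - [01/Jan/2006:10:00:15 +0000] "GET /index.php HTTP/1.1" 200 512',
]

def classify(line):
    """Return finding labels for one access-log line (empty list if nothing matches)."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    params = parse_qs(url.query, keep_blank_values=True)  # values are percent-decoded
    script = url.path.rsplit("/", 1)[-1].lower()
    findings = []
    if script == "admin.php":
        module = params.get("module", [""])[0]
        if module in ("NS-Languages", "Banners"):
            # Item 3: correlate with session/auth logs to see whether the caller was an admin.
            findings.append("admin-module-request")
        if module == "NS-Languages" and any(
                not LANG_OK.fullmatch(v) for v in params.get("language", [])):
            findings.append("language-not-allowlisted")  # items 2 and 4
    elif script == "user.php" and params.get("op", [""])[0] == "edituser":
        if any(MARKUP.search(v) for v in params.get("htmltext", [])):
            findings.append("htmltext-markup")  # item 2
    return findings

def scan(lines):
    """Map line index -> findings for every line that produced at least one finding."""
    return {i: f for i, f in ((i, classify(l)) for i, l in enumerate(lines)) if f}

if __name__ == "__main__":
    for index, labels in scan(SAMPLE_LOG).items():
        print(index, labels)
```

The same allowlist on `language` is what a server-side input check would enforce before the value reaches HTML output or a SQL query.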
