TCH-Thomas
Posted February 21, 2006

Secunia writes

Description:
Maksymilian Arciemowicz has reported some vulnerabilities in PostNuke, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, and to bypass certain security restrictions.

1) It is possible to bypass the HTML tag filter implemented in "pnVarCleanFromInput()" and "pnAntiCracker()" via specially-crafted HTML tags.

Example:

2) Input passed to the "htmltext" parameter in user.php and to the "language" parameter in the NS-Languages module isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Example:
http://[host]/user.php?op=edituser&htmltext=
http://[host]/admin.php?module=NS-Languages&op=missing&language=">[code]
http://[host]/admin.php?module=NS-Languages&op=translation&language=[code]

3) An access control error in admin.php can be exploited to access certain modules like NS-Languages and Banners without requiring admin privilege.

Example:
http://[host]/admin.php?module=NS-Languages
http://[host]/admin.php?module=Banners

4) Input passed to the "language" parameter in the NS-Languages module isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Example:
http://[host]/admin.php?module=NS-Languages&op=missing&language=[sql]

Successful exploitation requires that "magic_quotes_gpc" is disabled.

The vulnerabilities have been reported in version 0.761 and prior.

Solution:
Update to version 0.762.
http://news.postnuke.com/Downloads-req-vie...load-cid-1.html
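
A log triage example for the request patterns listed in the advisory above, added here and not part of the original post, the Secunia advisory or PostNuke. It assumes Apache common-log-format lines and that legitimate "language" values are short alphanumeric codes; the names classify, SAFE_LANGUAGE and EXPOSED_MODULES and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate "language" values are short alphanumeric codes.
SAFE_LANGUAGE = re.compile(r"[A-Za-z0-9_-]{1,16}")
# Modules the advisory says were reachable without admin privilege (item 3).
EXPOSED_MODULES = {"NS-Languages", "Banners"}
# Request line inside an Apache common/combined log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify(log_line):
    """Return the set of advisory items (2, 3, 4) a log line is relevant to."""
    match = REQUEST.search(log_line)
    if not match:
        return set()
    url = urlsplit(match.group(1))
    script = url.path.rsplit("/", 1)[-1]
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    hits = set()
    # Item 2: markup characters in the "htmltext" parameter of user.php.
    if script == "user.php" and any(c in v for v in params.get("htmltext", []) for c in "<>\"'"):
        hits.add(2)
    if script == "admin.php":
        modules = set(params.get("module", []))
        if modules & EXPOSED_MODULES:
            hits.add(3)  # correlate with session data: was the caller an admin?
        if "NS-Languages" in modules:
            for value in params.get("language", []):
                if not SAFE_LANGUAGE.fullmatch(value):
                    hits.update({2, 4})  # same parameter feeds HTML output and SQL
    return hits


# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Feb/2006:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.11 - - [21/Feb/2006:10:00:05 +0000] "GET /admin.php?module=Banners HTTP/1.1" 200 2048',
    '192.0.2.12 - - [21/Feb/2006:10:00:09 +0000] "GET /admin.php?module=NS-Languages&op=missing&language=eng HTTP/1.1" 200 3072',
    '192.0.2.13 - - [21/Feb/2006:10:00:12 +0000] "GET /admin.php?module=NS-Languages&op=missing&language=eng%27 HTTP/1.1" 200 3072',
    '192.0.2.14 - - [21/Feb/2006:10:00:15 +0000] "GET /user.php?op=edituser&htmltext=%3Cb%3E HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        found = classify(line)
        if found:
            print(sorted(found), line)
```

A hit on item 3 alone only shows that one of the affected modules was requested; whether the caller held admin privilege has to be checked against session or authentication records.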