PostNuke Blocks Module Directory Traversal Vulnerability
BID:13636
Info
PostNuke Blocks Module Directory Traversal Vulnerability
| Bugtraq ID: | 13636 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 16 2005 12:00AM |
| Updated: | May 16 2005 12:00AM |
| Credit: | Discovery is credited to pokley <[email protected]>. |
| Vulnerable: |
PostNuke Development Team PostNuke 0.76 RC4 PostNuke Development Team PostNuke 0.75 |
| Not Vulnerable: | |
Discussion
PostNuke Blocks Module Directory Traversal Vulnerability
PostNuke Blocks module is affected by a directory traversal vulnerability.
The problem presents itself when an attacker passes a name for a target file, along with directory traversal sequences, to the affected application.
An attacker may leverage this issue to disclose arbitrary files on an affected computer. It was also reported that an attacker can supply NULL bytes with a target file name. This may aid in other attacks such as crashing the server.
PostNuke Blocks module is affected by a directory traversal vulnerability.
The problem presents itself when an attacker passes a name for a target file, along with directory traversal sequences, to the affected application.
An attacker may leverage this issue to disclose arbitrary files on an affected computer. It was also reported that an attacker can supply NULL bytes with a target file name. This may aid in other attacks such as crashing the server.
Exploit / POC
PostNuke Blocks Module Directory Traversal Vulnerability
An exploit is not required.
The following proof of concept is available:
http://www.example.com/index.php?module=Blocks&type=lang&func=../../../../../../etc/passwd%00
An exploit is not required.
The following proof of concept is available:
http://www.example.com/index.php?module=Blocks&type=lang&func=../../../../../../etc/passwd%00
Solution / Fix
PostNuke Blocks Module Directory Traversal Vulnerability
Solution:
CVS patches are available from the following locations:
http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/includes/pnMod.php.diff?r1=1.47&r2=1.48
http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/index.php.diff?r1=1.39&r2=1.40
Solution:
CVS patches are available from the following locations:
http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/includes/pnMod.php.diff?r1=1.47&r2=1.48
http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/index.php.diff?r1=1.39&r2=1.40
References
PostNuke Blocks Module Directory Traversal Vulnerability
References:
References:
- PostNuke Homepage (PostNuke Development Team)
- Postnuke 0.750 - 0.760rc4 local file inclusion (pokley
)