01032004.html

Posted Jan 8, 2004
Authored by James Bercegay | Site gulftech.org

PostNuke version 0.726, and possibly earlier releases, are open to SQL injection and cross site scripting attacks due to a lack of proper parameter sanitizing.

tags | advisory, xss, sql injection
SHA-256 | 307fc789ac7baf754c526ec507e9ec95ce669371ebffc34964b0347615a87b33

<!-- All Programming, Design, And Content Copyright GulfTech Computers - By JeiAr -->

<html>
<head>
<meta name="description" content="GulfTech Computers">
<meta name="copyright" content="Copyright 2002 GulfTech Computers">
<meta name="keywords" content="computer repair, networking, web design, hacking, cracking, cyberarmy, exploits, security research, security, tutorials, knowledge, CASR, Windows Security, gulftech, jeiar, code, scripts, free scripts, discussion forum">
<meta name="author" content="JeiAr At GulfTech Dot Org">

<title>GulfTech Computers</title>

<LINK href="includes/gulftech.css" rel=stylesheet>
</head>

<body>


<!-- Start Main Table -->
<table width="775" align="center" border="0" class="maintable" cellspacing="0">
<tr>
<td colspan="3" valign="top" class="headtable" width="100%" align="center">



</td>
</tr>

<!-- Start Top Table Spacer -->
<tr>
<td height="8px">
</td>
</tr>
<!-- End Top Table Spacer -->

<tr>
<td valign="top" class="sidetabledata" width="24%" align="center">


</td>
<td width="1%"><img width="5" src="images/spacer.gif"></td>
<td valign="top" class="tabledata" width="75%" align="center">



<!-- Start MainTable Content -->
<TABLE cellSpacing=0 cellPadding=15 height="100%" width="100%" class="maintabcontent" border=0>
<TBODY>
<TR vAlign=top>
<TD>

<br><br>


<!-- Start Update Entry -->

<table width="100%">
<tr>
<td>
<div align="left">
<b style="font-size:15px; font-family: helvetica;">
Vulnerabilities In PostNuke 0.726 Phoenix
</b>
</div>
</td>
<td>
<div align="right" style="font-size: 12px; font-family: helvetica;">
January 03, 2004
</div>

</td>
</tr>
</table>

<br><br>


<table>
<tr>
<td>


<table align="left" width="100%">
<tr>
<td class="content">Vendor</td>
<td class="content">: PostNuke</td>
</tr>
<tr>
<td class="content">URL</td>
<td class="content">
: <a href="http://www.postnuke.com" target="_blank">
http://www.postnuke.com</a>
</td>
</tr>
<tr>
<td class="content">Version</td>
<td class="content">: PostNuke 0.726 Phoenix && Older(??)</td>
</tr>
<tr>
<td class="content">Risk</td>
<td class="content">: SQL Injection && XSS</td>
</tr>



<tr>
<td class="content" colspan="2">
<br><br>
Description:<br>
PostNuke is a popular Open Source CMS (Content Management System) used
by millions of people all across the world.
</td>
</tr>

<tr>
<td class="content" colspan="2">
<br><br>
SQL Injection Vulnerability:<br>
SQL Injection is possible by passing unexpected data to the "sortby" variable
in the "members_list" module. This vulnerability may allow an attacker to
manipulate queries as well as view the full physical path of the PostNuke
installation. This is due to user input of the "sortby" variable not being
properly sanitized.
<br><br>
modules.php?op=modload&name=Members_List&file=index&letter=All&sortby=[Evil_Query]
</td>
</tr>

<tr>
<td class="content" colspan="2">
<br><br>
Cross Site Scripting:<br>
XSS is possible via the download module by injecting HTML or Script into the
"ttitle" variable when viewing the details of an item for download. Example:
<br><br>
name=Downloads&file=index&req=viewdownloaddetails&lid=[VLID]&ttitle=">[CODE]
<br><br>
[VLID] = Should be the valid id number of a file for download. <br>
[CODE] = Any script or HTML etc.
</td>
</tr>

<tr>
<td class="content" colspan="2">
<br><br>
Solution:<br>
An update has been released for the SQL injection vulnerability. The XSS
vulnerability, however, will not be fixed until future releases of PostNuke, as it is really
not possible to hijack a user's PostNuke session using a stolen session ID, thus
limiting the chances of this being harmful to any users or administrators. Much
respect to the PostNuke dev team, and especially Andreas Krapohl aka larsneo, for
being very prompt and professional about issuing a fix for this immediately. The
fix may be obtained from the official PostNuke website at http://www.postnuke.com
</td>
</tr>


<tr>
<td class="content" colspan="2">
<br><br>
Credits:<br>
Credits go to JeiAr of the GulfTech Security Research Team.
</td>
</tr>
<tr>
<td class="content" colspan="2">
<br><br>
Related Links:<br>
<a href="http://lists.postnuke.com/pipermail/postnuke-security/2004q1/000001.html" target="_blank">
http://lists.postnuke.com/pipermail/postnuke-security/2004q1/000001.html
</a>
</td>
</tr>



</table>


</td>
</tr>
</table>


<br>
<!-- End Update Entry -->

<!-- Start Entry Break -->
<br>
<center>
<img src="images/break.jpg">
</center>
<br>
<!-- End Entry Break -->

</TD>
</TR>
</TBODY>
</TABLE>
<!-- Start MainTable Content -->


</td>
</tr>
<tr>
<td height="8px">
</td>
</tr>
<tr>
<td colspan="3" class="tabledata" width="100%" height="100" align="center">




</td>
</tr>
</table>

<!-- End Main Table -->







</body>
</html>
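
The two parameter-handling flaws described in the advisory, shown in hardened form as an added example (this is not PostNuke's code and not the vendor's fix). The table, column and function names are hypothetical, and the hidden-field output context for "ttitle" is an assumption based on the `">` prefix in the advisory's example.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: request value => fixed SQL column name.
// Column names are illustrative, not PostNuke's real schema.
const SORT_COLUMNS = [
    'uname' => 'uname',
    'email' => 'email',
    'url'   => 'url',
];

// ORDER BY takes an identifier, which cannot be bound as a query parameter,
// so the request value is only used to pick one of the fixed strings above.
// Anything else falls back to the default and never reaches the SQL parser,
// so it can neither change the query nor provoke a database error message.
function member_order_column(?string $sortby): string
{
    return SORT_COLUMNS[$sortby ?? ''] ?? 'uname';
}

// Values (the "letter" filter) are bound; only the allowlisted column name
// is concatenated into the statement text.
function list_members(PDO $db, ?string $sortby, string $letter): array
{
    $sql  = 'SELECT uname FROM members';
    $args = [];
    if ($letter !== 'All') {
        $sql   .= ' WHERE uname LIKE ?';
        $args[] = substr($letter, 0, 1) . '%';
    }
    $sql .= ' ORDER BY ' . member_order_column($sortby);
    $stmt = $db->prepare($sql);
    $stmt->execute($args);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Encode "ttitle" for an HTML attribute: with ENT_QUOTES the quote that would
// close the attribute is emitted as &quot; and the markup stays inert text.
function download_title_field(string $ttitle): string
{
    return '<input type="hidden" name="ttitle" value="'
        . htmlspecialchars($ttitle, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '">';
}

// Constructed sample data and inputs, for demonstration only.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (uname TEXT, email TEXT, url TEXT)');
$db->exec("INSERT INTO members VALUES ('alice', 'z@example.org', ''),
                                      ('carol', 'c@example.org', '')");

// One allowlisted value, then one that is not a column name.
foreach (['email', 'uname DESC, email'] as $sortby) {
    echo json_encode(list_members($db, $sortby, 'All')), "\n";
}
echo download_title_field('"><b>constructed</b>'), "\n";
```

The second `sortby` value is silently replaced by the default column rather than rejected with an error, which also avoids the path disclosure the advisory attributes to this parameter.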