SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   PostNuke Vendors:   postnuke.com
PostNuke 'install.php' Discloses Administrator Password to Remote Users
SecurityTracker Alert ID:  1010755
SecurityTracker URL:  http://securitytracker.com/id/1010755
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Sep 3 2004
Original Entry Date:  Jul 22 2004
Impact:   Disclosure of authentication information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 0.73x - 0.75 GOLD
Description:   hellsink reported an installation vulnerability in PostNuke. A remote user can determine the administrator's username and password on affected sites.

It is reported that many PostNuke sites fail to remove the 'install.php' file after installation. A remote user can request the file and accept the terms to view the password information.

A demonstration exploit URL is provided:

http://[target]/install.php

Impact:   A remote user can determine the administrator's username and password.
Solution:   The vendor has issued a fix in the final release of postnuke .750, available at:

http://downloads.postnuke.com

The administration area now has an additional check for the existence of install.php and the /install-folder.

Vendor URL:  www.postnuke.com/ (Links to External Site)
Cause:   Configuration error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Vulnerable in PostNuke 0.73x -> 0.75 GOLD



Vulnerable in PostNuke 0.73x -> 0.75 GOLD

{1} - Introduce
hi peoples, i last month i discovered one bug in instalation on PostNuke
0.73x -> 0.75 GOLD, Many admins dont change/delete the filename
"install.php" of PostNuke. Coz of this, everybody can take advantage to
discover the username or/and password of the admin. Due the security
risk its possible, to malicious user, to enter and hack a website or
simply access and read the files of the website

{2} - Exploiting
http://www.bloodbr.org/install.php with this URL, you can look the
instalation of PostNuke, and if u agree the terms, you can look the
username and password.

{3} - How to patch?
rename or delete install.php

greetz to all members of bloodbr, friends, and big kiss to LARISSINHA, I
LOVE U MY BABY ;)


------------------------------------------------------------------------
Walla! Mail - get your free 1G mail today <http://www.walla.com>


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC