PostNuke 0.72x Members_List Module Path Disclosure

2003-03-28T00:00:00
ID EDB-ID:22439
Type exploitdb
Reporter rkc
Modified 2003-03-28T00:00:00

Description

PostNuke 0.72x Members_List Module Path Disclosure. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/7218/info
 
Multiple path disclosure vulnerabilities have been reported in various PHP scripts used by PHP-Nuke. The issue occurs when an invalid URI parameter is passed to certain scripts. The affected scripts do not provide sufficient error handling for this circumstance and as such, may display an error page containing sensitive information path information. 

http://www.target.com/modules.php?op=modload&name=Members_List&file=index&letter=All&sortby=uname1234