PostNuke 0.7x Install Script Administrator Password Disclosure Vulnerability

2004-07-24T00:00:00
ID EDB-ID:24307
Type exploitdb
Reporter hellsink
Modified 2004-07-24T00:00:00

Description

PostNuke 0.7x Install Script Administrator Password Disclosure Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/10793/info

It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the install script 'install.php' after installation. This can allow an attacker to gain unauthorized access to the content management system. The attacker may then carry out further attacks against other users or the computer running the vulnerable application.

http://www.example.com/install.php