nessusThis script is Copyright (C) 2003-2024 Tenable Network Security, Inc.POSTNUKE_INFO_DISCLOSURE2.NASL
HistoryMay 29, 2003 - 12:00 a.m.

PostNuke Sections Module Information Disclosure

2003-05-2900:00:00
This script is Copyright (C) 2003-2024 Tenable Network Security, Inc.
www.tenable.com
8

7.6 High

AI Score

Confidence

Low

The remote host is running PostNuke. The CMS can be made to reveal the full path of its installation on the server, or the name of the database it uses, by sending a request such as:

/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=

An attacker may use the disclosed path or database name to learn more about how the remote host is set up.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration branch: when the plugin is run with `description` set, only the
# metadata below is declared and the script exits (the exit(0) closing this
# block) before any of the check logic further down is reached.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(11666);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/04");

  script_name(english:"PostNuke Sections Module Information Disclosure");

  # Report text: synopsis, description and solution as they appear in findings.
  script_set_attribute(attribute:"synopsis", value:
"A remote web application is affected by an information disclosure 
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host is running PostNuke. It is possible to use the CMS to 
determine the full path to its installation on the server or the name of
the database used, by doing a request like :

/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=

An attacker may use these flaws to gain a more intimate knowledge of the
remote host.");
  # NOTE(review): this solution talks about the members list module, while the
  # plugin name, description and probe all target the Sections module. It looks
  # carried over from a sibling plugin; confirm the intended remediation, since
  # an operator following it as written would not touch the module being tested.
  script_set_attribute(attribute:"solution", value:
"Change the members list privileges to admins only, or disable the 
members list module completely.");
  # CVSS v2 base vector: network reachable, low complexity, no authentication,
  # partial confidentiality impact, no integrity or availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_publication_date", value:"2003/05/29");

  # Classification attributes; the CPE ties findings to the PostNuke product.
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:postnuke_software_foundation:postnuke");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  # Declared as an information-gathering check in the "CGI abuses" family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2003-2024 Tenable Network Security, Inc.");

  # Scheduling constraints: postnuke_detect.nasl is declared as a dependency,
  # the www/postnuke KB key is required, the Settings/disable_cgi_scanning key
  # excludes the plugin, and a web service (Services/www, else port 80) is needed.
  script_dependencies("postnuke_detect.nasl");
  script_require_keys("www/postnuke");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");


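# Check logic: request a Sections article with an empty `artid` from the
# PostNuke install recorded in the KB and report the host when the reply
# matches the path-disclosure signature below.

port = get_http_port(default:80);

# KB entry for this port (presumably written by postnuke_detect.nasl); the
# regex below expects it in the form "<something> under <directory>".
kb = get_kb_item("www/" + port + "/postnuke" );
if ( ! kb ) exit(0);
stuff = eregmatch(pattern:"(.*) under (.*)", string:kb );
# Stop when the KB value is not in the expected form. Without this guard `dir`
# would be NULL and the probe would go to the web root instead of the detected
# install directory, testing a location the detection plugin never reported.
if (isnull(stuff)) exit(0);
dir = stuff[2];


# No point probing a PHP application on a server that cannot serve PHP.
if(!can_host_php(port:port))exit(0);

u = string(dir, "/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=");
r = http_send_recv3(method: "GET", item: u, port:port);
if (isnull(r)) exit(0);
 
# NOTE(review): the signature needs a path ending in index.php followed by the
# literal "236" - presumably the line number quoted in the error output of the
# build this check was written against. An install that leaks its path with a
# different line number, or that hides errors from clients, is not flagged, so
# a clean result is not proof the module is unaffected - confirm before relying on it.
# The three elements of the http_send_recv3 result are searched together.
if(egrep(pattern:".*/.*/index\.php.*236", string: r[0]+r[1]+r[2]))
 security_warning(port, extra: 
strcat('\nThe following URL exhibits the flaw :\n\n', build_url(port: port, qs: u), '\n'));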

VendorProductVersionCPE
postnuke_software_foundationpostnukecpe:/a:postnuke_software_foundation:postnuke
