PostNuke Xanthia Module pnadmin.php Path Disclosure

2004-07-18T15:46:48
ID OSVDB:8062
Type osvdb
Reporter DarkBicho(darkbicho@gmail.com)
Modified 2004-07-18T15:46:48

Description

Vulnerability Description

PostNuke contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when accessing the 'pnadmin.php' script directly, which will reveal the installation path resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

PostNuke contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when accessing the 'pnadmin.php' script directly, which will reveal the installation path resulting in a loss of confidentiality.

Manual Testing Notes

http://[victim]/html/modules/Xanthia/pnadmin.php

References:

Vendor URL: http://www.postnuke.com/ Secunia Advisory ID:12082 Related OSVDB ID: 8064 Related OSVDB ID: 8063 Other Advisory URL: http://www.swp-zone.org/archivos/advisory-10.txt Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0731.html