Main Menu
Network
Sponsor
Top 10 Sites
Partners
|
|
Top Submit newsSubscribe 
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
| Sponsored links | Want to become one of our authors and see your work published on ALLSeek.iNFO ?
| | PostNuke Input Validation Flaw in 'sortby' Variable in 'members_list' Module Permits SQL Injection |
|---|
Categorie: Vulnerability
Posted: 2004-01-09 by ReCall
Views: 404
Source: Click here
| Current Rating: Not rated
|
| | Details |
|---|
Description: An input validation vulnerability was reported in PostNuke. A remote user can inject SQL commands. A remote user can also conduct cross-site scripting attacks.
JeiAr of the GulfTech Security Research Team reported that the 'members_list' module does not properly validate user-supplied input in the 'sortby' variable. A remote user may be able to execute SQL commands on the underlying database.
It is also reported that the download module does not filter HTML code from user supplied input in the 'ttitle' variable. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the PostNuke software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A demonstration exploit is provided (where '[VID]' is a valid file ID number):
name=Downloads&file=index&req=viewdownloaddetails&lid=[VID]&ttitle=">
Impact: A remote user can inject SQL commands on the target system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the PostNuke software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has released the following fixes:
1. PostNuke Phoenix 0.726-1 (.tar.gz format)
http://download.postnuke.com/pafiledb.php?action=file&id=34
Size/MD5 checksum: b56a5be2e88e5d6ad779a47bb4864084
2. PostNuke Phoenix 0.726-1 (.zip format)
http://download.postnuke.com/pafiledb.php?action=file&id=33
Size/MD5 checksum: 4b5fd57053c8577eeefef50cd1d19279
3. Members_List patch for pn0.726 (.tar.gz format)
http://download.postnuke.com/pafiledb.php?action=file&id=42
Size/MD5 checksum: 6cf971d9222821529cbf7029dcd97dcc
4. Members_List patch for pn0.726 (.zip format)
http://download.postnuke.com/pafiledb.php?action=file&id=41
Size/MD5 checksum: d36e5b9442a688e8348cf67a1ef21f56
The author of the report indicates that the fix corrects the SQL injection flaw and that a future fix will correct the cross-site scripting flaw.
| | Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=631
| | User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
| Previous articleBack to news listNext article
|
|
|
|
InterJOB.su
|
