PostNuke

Flexible Content Management System

News

PostNuke Blocks Module "func" Directory Traversal Vulnerability

Contributed by on May 19, 2005 - 11:23 PM

This flaw is due to an input validation error in the Blocks Module when handling a specially crafted "func" variable containing "..\" sequences, which may be exploited remotely to conduct directory traversal attacks.

http://server/index.php?module=Blocks&type=lang&func=../dir

* Affected Products *

PostNuke version 0.76-RC4 and prior

* Solution *

Patches are available via CVS:

http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/includes/pnMod.php.diff?r1=1.47&r2=1.48



http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/index.php.diff?r1=1.39&r2=1.40

2005-05-17 : Original Advisory

*******************************************

This was found by my webhost and posted to my webhost's support/security forums two days ago. I just found it today. The changelogs above have a number of changes in them.

To Admin: Is this worth making a deal over?
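For site operators who want to check their own logs for the request shape shown in the advisory (the module, type and func parameters on index.php), here is a log check written as an added example; it is not part of the original post, the advisory, or PostNuke. The combined access-log format, the allowed-character rule for legitimate values, and all function names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

WATCHED = {"module", "type", "func"}  # parameters in the advisory's example URL
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # assumed log format
SAFE_NAME = re.compile(r"\A[A-Za-z0-9_]+\Z")  # assumed shape of a legitimate value

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/May/2005:23:01:02 +0000] "GET /index.php?module=Blocks&type=lang&func=../dir HTTP/1.1" 200 512',
    '192.0.2.10 - - [19/May/2005:23:01:09 +0000] "GET /index.php?module=Blocks&type=lang&func=..%5Cdir HTTP/1.1" 200 512',
    '192.0.2.44 - - [19/May/2005:23:02:17 +0000] "GET /index.php?module=News&type=user&func=display HTTP/1.1" 200 4096',
]


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so nested encoding is inspected in clear text."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return {param: decoded value} for watched parameters that are not plain names."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return {}
    hits = {}
    for name, value in parse_qsl(urlsplit(match.group(1)).query):
        if name.lower() in WATCHED:
            # Treat "\" and "/" alike: the advisory names "..\" sequences.
            clear = fully_decode(value).replace("\\", "/")
            if ".." in clear or not SAFE_NAME.match(clear):
                hits[name.lower()] = clear
    return hits


def scan(lines):
    """Return (line_number, hits) for each log line with a suspicious parameter."""
    found = ((n, suspicious_params(line)) for n, line in enumerate(lines, 1))
    return [(n, hits) for n, hits in found if hits]


if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

A hit shows that such a request was made, not that it succeeded; the response status and size in the same log line are the next thing to look at.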