[24815] in bugtraq
Re: PostNuke Bugged
daemon@ATHENA.MIT.EDU (Scott)
Fri Mar 22 21:50:20 2002
Date: 22 Mar 2002 23:41:33 -0000
Message-ID: <20020322234133.23118.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Scott <rootkidd@email.com>
To: bugtraq@securityfocus.com
In-Reply-To: <20020322183112.26906.qmail@mail.securityfocus.com>

Hi,

Rootkidd seems to have made a mistake, excuse the haste in the post; the version should have been .7.0.3 rather than 7.0.3 ;) Decimalisation was not my strongest point.

An update to this post: it seems that even their newer .7.10 version is vulnerable to css and csrf bugs in some manner or another; a mere manipulation of the URL post is all that is needed.

There are a few more similar site module posts to make, which will come after the developers have contacted or had a reasonable time to fix.

-rootkidd
Read, Learn, Share the knowledge