PostNuke 0.75/0.76 Blocks Module - Directory Traversal

EDB-ID:

25665

CVE:

N/A


Author:

pokley

Type:

webapps


Platform:

PHP

Date:

2005-05-16


source: https://www.securityfocus.com/bid/13636/info

PostNuke Blocks module is affected by a directory traversal vulnerability.

The problem presents itself when an attacker passes a name for a target file, along with directory traversal sequences, to the affected application.

An attacker may leverage this issue to disclose arbitrary files on an affected computer. It was also reported that an attacker can supply NULL bytes with a target file name. This may aid in other attacks such as crashing the server. 

http://www.example.com/index.php?module=Blocks&type=lang&func=../../../../../../etc/passwd%00