header-logo
Suggest Exploit
vendor:
Blocks module
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: Blocks module
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2004

PostNuke Blocks module Directory Traversal Vulnerability

PostNuke Blocks module is affected by a directory traversal vulnerability. The problem presents itself when an attacker passes a name for a target file, along with directory traversal sequences, to the affected application. An attacker may leverage this issue to disclose arbitrary files on an affected computer. It was also reported that an attacker can supply NULL bytes with a target file name. This may aid in other attacks such as crashing the server.

Mitigation:

Ensure that user-supplied input is properly sanitized before being used in file operations.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13636/info

PostNuke Blocks module is affected by a directory traversal vulnerability.

The problem presents itself when an attacker passes a name for a target file, along with directory traversal sequences, to the affected application.

An attacker may leverage this issue to disclose arbitrary files on an affected computer. It was also reported that an attacker can supply NULL bytes with a target file name. This may aid in other attacks such as crashing the server. 

http://www.example.com/index.php?module=Blocks&type=lang&func=../../../../../../etc/passwd%00

Navigation

Suggest Exploit

Services By CQR