- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 24307
- Проверка EDB
-
- Пройдено
- Автор
- HELLSINK
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- null
- Дата публикации
- 2004-07-24
PostNuke 0.7x - Install Script Administrator Password Disclosure
Код:
source: https://www.securityfocus.com/bid/10793/info
It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the install script 'install.php' after installation. This can allow an attacker to gain unauthorized access to the content management system. The attacker may then carry out further attacks against other users or the computer running the vulnerable application.
http://www.example.com/install.php
- Источник
- www.exploit-db.com