phProfession is "a job board script. There are two types of phPro - a standalone version and a PostNuke module. Support for standalone versions has been discontinued. This project supports only the PostNuke module starting from version 3.0."
The module suffers from several types of vulnerabilities including full path disclosure, cross-site scripting and SQL injection.
Credit:
The information has been provided by Janek Vind.
Vulnerable Systems:
* phProfession version 2.5, possibly earlier versions as well
Full path disclosure
By requesting the following URL:
http://localhost/postnuke0726/modules/phprofession/upload.php
The following PHP error message will be displayed:
Warning: main(header.php): failed to open stream: No such file or directory in D:\apache_wwwroot\postnuke0726\modules\phprofession\upload.php on line 19
Warning: main(): Failed opening 'header.php' for inclusion (include_path='.;c:\php4\pear') in D:\apache_wwwroot\postnuke0726\modules\phprofession\upload.php on line 19
...
Cross-site scripting
The 'jcode' variable used by the upload module is not properly sanitized before being echoed back to the page, allowing an attacker to inject script into the response (cross-site scripting):
http://localhost/postnuke0726/modules.php?op=modload&name=phprofession&file=upload&jcode=[xsscode here]
SQL Injection
Due to improper filtering of the parameters received by the product, an SQL injection occurs whenever additional SQL commands are supplied in the 'offset' variable, which is passed into a database query without being validated as a number.
An example URL that triggers the injection:
http://localhost/postnuke0726/modules.php?op=modload&name=phprofession&file=index&offset=foobar
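The three issues above (direct requests to upload.php, markup in 'jcode', non-numeric 'offset') are easy to spot in web server access logs. The following checker is an added example written for this page, not code from phProfession or from the advisory author; the log lines it reads are constructed, and the finding names are assumptions of this example.

```python
# Added example: flag access-log requests that match the phProfession 2.5
# issues described in the advisory. Log lines are constructed for illustration.
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines in Common Log Format (not from any real server).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2005:10:00:00 +0000] "GET /postnuke0726/modules/phprofession/upload.php HTTP/1.0" 200 512
10.0.0.6 - - [01/Jan/2005:10:00:01 +0000] "GET /postnuke0726/modules.php?op=modload&name=phprofession&file=upload&jcode=%3Cb%3Eprobe%3C/b%3E HTTP/1.0" 200 1024
10.0.0.7 - - [01/Jan/2005:10:00:02 +0000] "GET /postnuke0726/modules.php?op=modload&name=phprofession&file=index&offset=foobar HTTP/1.0" 200 2048
10.0.0.8 - - [01/Jan/2005:10:00:03 +0000] "GET /postnuke0726/modules.php?op=modload&name=phprofession&file=index&offset=20 HTTP/1.0" 200 2048
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def classify_request(url: str) -> list:
    """Return the advisory issues a single request URL may be probing for."""
    findings = []
    parts = urlsplit(url)
    path = parts.path.lower()
    qs = parse_qs(parts.query, keep_blank_values=True)  # values are URL-decoded here

    # 1. Requesting upload.php outside the PostNuke front controller produces
    #    the PHP warnings that reveal the filesystem path.
    if path.endswith("/modules/phprofession/upload.php"):
        findings.append("full-path-disclosure")

    # 2 and 3 only apply to the module when loaded through modules.php.
    if path.endswith("/modules.php") and qs.get("name", [""])[0].lower() == "phprofession":
        # 'jcode' is reflected unsanitized, so any markup-like content is suspicious.
        if any(re.search(r"[<>\"']|javascript:", v, re.IGNORECASE) for v in qs.get("jcode", [])):
            findings.append("xss-jcode")
        # 'offset' is used as a query operand and should only ever be a non-negative integer.
        if any(not v.isdigit() for v in qs.get("offset", [])):
            findings.append("sqli-offset")
    return findings


def scan_log(text: str) -> dict:
    """Map each finding type to the client IPs whose requests triggered it."""
    hits = {}
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        ip = line.split(" ", 1)[0]
        for finding in classify_request(m.group(1)):
            hits.setdefault(finding, []).append(ip)
    return hits


if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG))
```

A legitimate paging request (offset=20) produces no finding, so the offset rule can be used as a strict allow-list check in front of the module as well as in log review.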