Comment Bug in PostNuke admin.php? (Score 1) 300
PHP-Nuke (which PostNuke is a fork off) has always been know for being hideously insecure, with most of the vulnerabilities either to do with not checking supplied variables (SQL injection) or admin.php (the admin script for adding news/downloads/forums/etc).
downloads.postnuke.com was using a copy of paFileDB modified to be integrated as a PostNuke module, which would shift admin access for the downloads over to PN's admin.php. Could it be possible that the intruder got access to it via an admin.php vulnerability?
downloads.postnuke.com was using a copy of paFileDB modified to be integrated as a PostNuke module, which would shift admin access for the downloads over to PN's admin.php. Could it be possible that the intruder got access to it via an admin.php vulnerability?
