PostNuke Trojaned Distribution

Nessus Plugin ID 15570 (Severity: High)

Synopsis

Arbitrary commands can be run on the remote server.

Description

The remote host appears to be running a trojaned version of the 'PostNuke' content management system.

PostNuke is a content management system written in PHP. Its main website was compromised between the 24th and 26th of October 2004. An attacker modified some of the tool's source code so that arbitrary commands can be executed on the remote host by passing arguments to the 'oops' parameter of the file pnAPI.php.
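For log review on a host that ran a copy downloaded in that window, the following added example (not part of the Nessus plugin or of PostNuke) scans web access logs for requests to pnAPI.php that carry an 'oops' query parameter. The common/combined log layout, the function name `find_oops_requests`, and the sample lines (including the `includes/` directory) are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access log (common log format); not taken from a real host.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Oct/2004:10:01:02 +0000] "GET /index.php?module=News HTTP/1.1" 200 5120
192.0.2.44 - - [27/Oct/2004:10:03:17 +0000] "GET /includes/pnAPI.php?oops=PLACEHOLDER HTTP/1.0" 200 312
192.0.2.44 - - [27/Oct/2004:10:03:40 +0000] "GET /nuke/includes/PNAPI.PHP?x=1&%6Fops=PLACEHOLDER HTTP/1.0" 200 87
192.0.2.12 - - [27/Oct/2004:10:05:00 +0000] "GET /includes/pnAPI.php HTTP/1.1" 200 0
192.0.2.13 - - [27/Oct/2004:10:06:00 +0000] "GET /search.php?q=oops HTTP/1.1" 200 900
this line is truncated and does not parse
"""

# Client address, request method, request target and status from one log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def find_oops_requests(log_text):
    """Return (line_no, client_ip, method, status) for each request to
    pnAPI.php whose query string contains a parameter named 'oops'."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        url = urlsplit(m["target"])
        # Decode %xx escapes and compare case-insensitively so that encoded
        # or differently-cased spellings of the file name are not missed.
        script = posixpath.basename(unquote(url.path)).lower()
        # parse_qs decodes parameter names; keep_blank_values keeps 'oops='.
        names = {k.lower() for k in parse_qs(url.query, keep_blank_values=True)}
        if script == "pnapi.php" and "oops" in names:
            hits.append((line_no, m["ip"], m["method"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for hit in find_oops_requests(SAMPLE_LOG):
        print("suspicious request: line %d from %s (%s, HTTP %d)" % hit)
```

Access logs record only the query string, so a parameter sent in a POST body would not show up here; a clean result does not establish that the installed copy is unmodified.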

Solution

Upgrade to the latest version of PostNuke.

Plugin Details

Severity: High

ID: 15570

File Name: postnuke_backdoor.nasl

Version: 1.12

Type: remote

Family: Backdoors

Published: 2004/10/26

Modified: 2018/06/13

Dependencies: 15721

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:postnuke_software_foundation:postnuke

Required KB Items: www/postnuke

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 11529