PostNuke

Flexible Content Management System

News

Security

Contributed by Interesting. I'd be on Jan 08, 2002 - 03:33 AM

I was using a module called netquery and a file called netinfo. Both of these apparently don't parse the form correctly and when the right IP and file are inserted and a traceroute done they give full access to your passwords and database and all. I liked the modules and it would be great if someone could fix them (if there is already a fix for this please let me know) but until then I recommend that you remove them from your sites. For those of you here at PostNuke on the developement team if you would like to be able to see what it does I would be happy to show you. Just email me at wildwoman@xtremeoverclockers.com and let me know.
2485