PostNuke Trojaned Distribution

high Nessus Plugin ID 15570

Synopsis

Arbitrary commands can be run on the remote server.

Description

The remote host seems to be running a trojaned copy of the 'PostNuke' content management system.

PostNuke is a content management system written in PHP whose main website was compromised between the 24th and 26th of October 2004. An attacker modified some of the tool's source code so that arbitrary commands can be executed on the remote host by passing arguments to the 'oops' parameter of the file pnAPI.php.

Solution

Upgrade to the latest version of PostNuke.

Plugin Details

Severity: High

ID: 15570

File Name: postnuke_backdoor.nasl

Version: 1.14

Type: remote

Family: Backdoors

Published: 10/26/2004

Updated: 6/4/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Vulnerability Information

CPE: cpe:/a:postnuke_software_foundation:postnuke

Required KB Items: www/postnuke

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 11529