频道栏目
首页 > 安全 > 网站安全 > 正文

DotNetNuke多个0day缺陷及修复

2011-07-07 09:56:03           
收藏   我要投稿

 受影响版本:DotNetNuke 5.x

 其他版本可能也存在该问题

[+] Application: DotNetNuke
[+] Affected Version: version prior to 5.x
[+] Vendor’s URL: http://www.dotnetnuke.com/
[+] Bug Type: Privilege escalation, Unauthorized access, Remote
[+] Risk Level: High

 

[+] No-exploit is required to make it easier than what it is..
[+] DotNetNuke Remote File Upload Vulnerability
[+] Add/User Account Security Failer Vulnerability
[+] Unauthorized Full access to the Server! :)
[+] Unauthorized Full access to the Files and Database!
[+] It Could Be Failure to revalidate file and folder permissions correctly for uploads.

[-*-] Quick Note:

 [-] Vulnerability Details: DO NOT be a zone h lamer! just try to be more effective speard your shit
     And hunte more idiots and root their machines! then hit them in the middle of no where by Saying
               "Ph33r"

Access the upload panel Just dork:"inurl:ajaxfbs/browser.html"

Demo:

[1] https://www.2cto.com/tramways/DesktopModules/FeedbackDesigner/ajaxfbs/browser.html
    Aspx Shell with New user Privilege
    aspx.aspx">http://www.2cto.com/aspx.aspx
    Password: admin

[2] https://www.2cto.com/DesktopModules/FlashSlide/ajaxfbs/browser.html
    Aspx Shell with New user Privilege
    http://www.2cto.com/aspx.aspx
    Password: admin

[3] https://www.2cto.com/DeskTopModules/Complete%20Feedback%20Designer/ajaxfbs/browser.html
    Aspx Shell with New user Privilege
    http://www.2cto.com/aspx.aspx
    Password: admin

 

修复:
[*_*] The thanx belongs to the masters! Islamic Ghosts Team :)

相关TAG标签 缺陷 多个
上一篇:Discuz!NT 3.6用户空间跨站漏洞及修复
下一篇:BbZL.PhP 文件包含及修复
相关文章
图文推荐

关于我们 | 联系我们 | 广告服务 | 投资合作 | 版权申明 | 在线帮助 | 网站地图 | 作品发布 | Vip技术培训 | 举报中心

版权所有: 红黑联盟--致力于做实用的IT技术学习网站