|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |*|*|*|*|*|*|*|*|*|*|In The Name Of God*|*|*|*|*|*|*|*|*|*|*|*| |*|*|*|*|*|*|*|*|*|*|*||*|*|*|*|*|*|*|*|*|*|*||*|*|*|*|*|*|*|*| Exploit Title: dnn upload manager Exploit Author: Ashiyane Digital Security Team Vendor Homepage : http//ashiyane.org Google Dork : "inurl:/filemanager/ include" data : 29 october Tested on: windows 7 - Mozilla Firefox Version : 1.5.3 cve : sha256 |--------------------------------------------------------------| Exploit : after url = /dialog.php |--------------------------------------------------------------| you can upload Html - image - text |--------------------------------------------------------------| Demo : ====== http://dilernet.com.tr/filemanager/dialog.php ============================================== http://www.crtnepal.org/filemanager/dialog.php |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| Discovered By : LOARD MAHDI |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|