exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

DotNetNuke DNNarticle Directory Traversal

DotNetNuke DNNarticle Directory Traversal
Posted Mar 31, 2018
Authored by Esmaeil Rahimian

The DNNarticle module in DotNetNuke version 11 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2018-9126
SHA-256 | a41413f4c748f4fcf065a3f2c5c4e0ab8f4515a8fb6dafd0bde8c679cd929bf0

DotNetNuke DNNarticle Directory Traversal

Change Mirror Download
 ##############################

01. ### Advisory Information ###
Title: Directory Traversal Vulnerability in DNNarticle module
Date published: n/a
Date of last update: n/a
Vendors contacted: zldnn.com
Discovered by: Esmaeil Rahimian
Severity: Critical

02. ### Vulnerability Information ###

OVE-ID: CVE-2018-9126.

03. ### Introduction ###

DNN Article is not only a powerful module to enable post and manage
articles, but also provides total solutions for content management. Content
such as articles, news, announcements, product catalogs, etc can be
organized into unlimited levels of categories. New content can be moderated
before published. The administrator can assign roles as moderator. Also an
email can be sent when new content is added. Visitors can make comment and
rating. They can also agree or disagree an article. The product supports
common features of DotNetNuke module such as localization, portable
interface, search, Syndication etc. It can integrate with Twitter,
Facebook, Google Map, Windows Live Writer and DotNetNuke Journal to provide
more powerful functions for your portals. DNNArticle is an extendable
system. There are several sub modules shipped with DNNArticle standard
edition to provide rich and attractive look and feel experiences. There are
also several optional sub modules that provide more features. And the
number of optional sub modules is growing continually. There are also
several applications based on DNNArticle such as DNNArticle Blog and
DNNArticle Product. DNNArticle fully supports template and CSS theme. This
feature provides more flexibility for users to build more attractive user
interface.

zldnn.com

04. ### Vulnerability Description ###

The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote
attackers to read the web.config file, and consequently
discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI.


05. ### Technical Description / Proof of Concept Code ###
desktopmodules/DNNArticle/GetCSS.ashx/?CP=%2fweb.config&smid=512&portalid=3
with this link the attacker can see the web.config file and find DB name
and see the user name and passwords of DB

06. ### Affected Product Code Base ###
DnnArticle Module for DotNet Nuke - 11
Affected Component:
DNNArticle Module
[Attack Type]
Remote
[Impact Information Disclosure]
True
[Attack Vectors]
Attacker can see the web.config file that contain critical information
06. ### Credits ###

SecureHost[Research Team] - www.securehost.co

This vulnerability has been discovered by:
Esmaeil Rahimian - [www.securehost.co] - Rahimian(at)SecureHost(dot)co
Login or Register to add favorites

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    34 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close