CVE-2015-2794 PoC — DotNetNuke 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2015/CVE-2015-2794.yaml

Associated Vulnerability

Title:DotNetNuke 安全漏洞 (CVE-2015-2794)
Description:DotNetNuke（DNN）是美国DNN公司的一套由微软支持、基于ASP.NET平台的开源内容管理系统（CMS）。该系统具有易于安装、可扩展、功能丰富等特点。 DNN 7.4.1之前的版本中的installation wizard存在安全漏洞。远程攻击者可通过向Install/InstallWizard.aspx文件发送直接请求利用该漏洞重新安装应用程序，并获取SuperUser访问权限。

Description

The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.

File Snapshot


 id: CVE-2015-2794

info:
  name: DotNetNuke 07.04.00 - Administration Authentication Bypass
  author

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!