DotNetNuke multiple 0-day defects and repair

Affected Version: DotNetNuke 5.x

This problem may also occur in other versions.

[+] Application: DotNetNuke
[+] Affected Version: version prior to 5.x
[+] Vendor's URL: http://www.dotnetnuke.com/
[+] Bug Type: Privilege escalation, Unauthorized access, Remote
[+] Risk Level: High

 

[+] No-exploit is required to make it easier than what it is ..
[+] DotNetNuke Remote File Upload Vulnerability
[+] Add/User Account Security Failer Vulnerability
[+] Unauthorized Full access to the Server! :)
[+] Unauthorized Full access to the Files and Database!
[+] It cocould Be Failure to revalidate file and folder permissions correctly for uploads.

[-*-] Quick Note:

[-] Vulnerability Details: do not be a zone h lamer! Just try to be more effective tive speard your shit
And hunte more idiots and root their machines! Then hit them in the middle of no where by Saying
"Ph33r"

Access the upload panel Just dork: "inurl: ajaxfbs/browser.html"

Demo:

[1] http://www.bkjia.com/tramways/DesktopModules/FeedbackDesigner/ajaxfbs/browser.html
Aspx Shell with New user Privilege
Aspx. aspx "> http://www.bkjia.com/aspx.aspx
Password: admin

[2] html "> http://www.bkjia.com/DesktopModules/FlashSlide/ajaxfbs/browser.html
Aspx Shell with New user Privilege
Http://www.bkjia.com/aspx.aspx
Password: admin

[3] http://www.bkjia.com/DeskTopModules/Complete%20Feedback%20Designer/ajaxfbs/browser.html
Aspx Shell with New user Privilege
Http://www.bkjia.com/aspx.aspx
Password: admin

 

Fix:
[* _ *] The thanx belongs to the masters! Islamic Ghosts Team :)