Skip to content
Nuclei Templates

DotNetNuke 07.04.00 - Administration Authentication Bypass

ID: CVE-2015-2794

Severity: critical

Author: 0xr2r

Tags: cve2015,cve,dotnetnuke,auth-bypass,install

Description

Section titled “Description”

The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.

YAML Source

Section titled “YAML Source”
id: CVE-2015-2794


info:
  name: DotNetNuke 07.04.00 - Administration Authentication Bypass
  author: 0xr2r
  severity: critical
  description: |
    The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2015-2794
    - https://www.exploit-db.com/exploits/39777
    - http://www.dnnsoftware.com/community-blog/cid/155198/workaround-for-potential-security-issue
    - http://www.dnnsoftware.com/community/security/security-center
    - https://dotnetnuke.codeplex.com/releases/view/615317
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2015-2794
    cwe-id: CWE-264
    epss-score: 0.9743
    epss-percentile: 0.99939
    cpe: cpe:2.3:a:dotnetnuke:dotnetnuke:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: dotnetnuke
    product: dotnetnuke
    fofa-query:
      - app="DotNetNuke"
      - app="dotnetnuke"
  tags: cve2015,cve,dotnetnuke,auth-bypass,install


http:
  - method: GET
    path:
      - "{{BaseURL}}/Install/InstallWizard.aspx?__VIEWSTATE"


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Administrative Information"
          - "Database Information"
        condition: and


      - type: status
        status:
          - 200
# digest: 4a0a00473045022017b3fe3bc402feabb5e3498c8f334df1fbc25e119a2f6177f3f9423e2f5ee31a022100a37ccae54ba2176bfa86a26fcc3a5f147859bd85da0f673aab17264c64846039:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2015/CVE-2015-2794.yaml"

View on Github