I did email them (but haven't heard anything yet).  I had not seen your post prior to my earlier post, since my posts are moderated, they take a while to go up...

I understand their are other ways to get in, and am not saying that it couldn't have been another option, but the content left was DNN specific and in a DNN specific location.  Regardless of where the vulnerability was (DNN or OS or whatever), the person was attacking DNN specific sites (not to say he/she hasn't attacked non-DNN sites, but these specific attacks were DNN related).  Personally, I believe it was vulnerability in DNN or a specific module (Effority is what these Modules were embedded in), but Windows 2003 Server and SQL Server are also potential weaknesses (although the argument for them is diminished given the nature of the hacked content).

I am not trying to say there is a problem per se with DNN (I have been using it successfully on over 100 unique client websites for many years and am familiar with how it works and behaves).  I am just trying to 1) figure out if others have had a similar problem and 2) notify the community in general that there MAY be a vulnerability that is just starting to be exploited.  

Tim, I've already replied to your email which we recevied 10 hours ago (8 of which I was asleep for :) )

As you've been discussing this in public and to calm the fears of anyone who's read this thread, I'll post a few comments.

Sebastian is correct in that seeing the same injected string on 2 sites is no indication of an issue being DotNetNuke specific. In fact many times when we get similar reports, some searching reveals the injected string across classic asp apps, php apps, other asp.net apps and dotnetnuke. In this case I'd suggest the common link may be a 3rd party module used in both sites.