How To Perform a DNN(DotNetNuke) Exploit
To Start this we are going to use a google dork located bellow so just put it in google and search, and just click any link most of them are vuln.
Here's a picture for people that do not understand
Okay I found a Vuln link when you find yours it should open up and look like the picture bellow.
![[Image: 45wens.jpg]](http://img198.imageshack.us/img198/5278/45wens.jpg)
Now You want to locate the last bulletin point it usually says file. I'll show you in the picture bellow.
![[Image: bqx5b4.jpg]](http://img267.imageshack.us/img267/50/bqx5b4.jpg)
Now here's where the acutely exploitation takes place, you want to locate up to the url area ex.(http://sitename.net/Providers/HtmlEditorProviders) and type this simple code and click enter(code located bellow)
Now You should see browse as in the picture bellow. . .
![[Image: 8uvxcq.jpg]](http://img706.imageshack.us/img706/9185/8uvxcq.jpg)
After that you just click choose file/browse and upload your shell. You can locate your shell on the website and deface it at (http://sitename/portals/0/YourShellname)
To Start this we are going to use a google dork located bellow so just put it in google and search, and just click any link most of them are vuln.
Code:
inurl:/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspxOkay I found a Vuln link when you find yours it should open up and look like the picture bellow.
![[Image: 45wens.jpg]](http://imageshack.us/photo/my-images/198/45wens.jpg/)
Now You want to locate the last bulletin point it usually says file. I'll show you in the picture bellow.
![[Image: bqx5b4.jpg]](http://imageshack.us/photo/my-images/267/bqx5b4.jpg/)
Now here's where the acutely exploitation takes place, you want to locate up to the url area ex.(http://sitename.net/Providers/HtmlEditorProviders) and type this simple code and click enter(code located bellow)
Code:
javascript:__doPostBack('ctlURL$cmdUpload','')![[Image: 8uvxcq.jpg]](http://imageshack.us/photo/my-images/706/8uvxcq.jpg/)
After that you just click choose file/browse and upload your shell. You can locate your shell on the website and deface it at (http://sitename/portals/0/YourShellname)
0 comments:
Post a Comment