20 January 2012

How To Perform a DNN(DotNetNuke) Exploit






To Start this we are going to use a google dork located bellow so just put it in google and search, and just click any link most of them are vuln.
Code:
inurl:/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
Here's a picture for people that do not understand

Okay I found a Vuln link when you find yours it should open up and look like the picture bellow.
[Image: 45wens.jpg]
Now You want to locate the last bulletin point it usually says file. I'll show you in the picture bellow.
[Image: bqx5b4.jpg]
Now here's where the acutely exploitation takes place, you want to locate up to the url area ex.(http://sitename.net/Providers/HtmlEditorProviders) and type this simple code and click enter(code located bellow)
Code:
javascript:__doPostBack('ctlURL$cmdUpload','')
Now You should see browse as in the picture bellow. . .
[Image: 8uvxcq.jpg]
After that you just click choose file/browse and upload your shell. You can locate your shell on the website and deface it at (http://sitename/portals/0/YourShellname)

0 comments:

Post a Comment