Thursday, May 26, 2016

website : Dot net nuke (DNN) vulnerability [TUT]

hey guyzz today i m giving a simple tutorial on Dot net nuke(DNN) website .as we know DNN websites r having a huge vulnerability of file uploading on the root server so we can sily upload shell and deface the website.

Step 1 :goto google

Step 2:Now enter this dork (this is Dork to find DNN Vulnerable sites)

or inurl:"/portals/0"
these r dorks to find the Portal Vulnerable sites.
Step 3:
now you will get a huge list of DNN websites but the main part it to get a vulnerable website which can be defaced because now very less websites r lest vulnerable othewise this vulnerability issue have been fixed ny dot net nuke.
Step 4:
For example i have got a website .

Step 5:Now Paste after the site url
this/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspxNow Site is this :

so it will look like this (screenshot above)
Note: if it will show you like this (see screenshot below) its mn site could not be find another site

Now Click onFile ( A File On Your Site )
Step 8:Now replace the URL in the address bar with this java Script

javascript:__doPostBack('ctlURL$cmdUpload','')Step 9:You will Find the Upload Option to upload files on website. Step 10:
Select Root of the website.
Step 11:
Upload yourshell download from here
After uploading shell.asp;.jpg
go for your shell;.jpg
so you after uploading shell and shell is front of you look like this (screenshot below)

Click on<Dir>...again and again till you will see admin ar

now it will show u admin ar where u can upload ur pages to main root directory ie c:/
now to replace the original index.html to put ur deface page, u have to copy the of deface page nd paste by editing index.html [this will be done in Admin dir]

NOW lets move to the most tricky part of the tutorial, and u can say it is the most intresting part because it is very very difficault to find the website which can allow to upload our shell so , lets do somthing intresting . we can upload s sily on website now follow this simple steps to change the original s of website to our ....;-)..:DD

Step 1:
You will see the portal where it will ask you to upload. Select the third option File ( A File On Your Site)
now select a foder which is containg the which is on the the front page ofwebsite. let me take this website for an example:

Step 2:

now i found the front of the website in this portal:
first u save the with the same name nd format
now edit the as u want it to be shown.

now upload this to the portal in which it is stored
for ex i have :


step 3:

After selecting the third option, replace the URL bar with below script


now u will finde the option to upload
upload ur nd now goto the main page of the website.

mine is

lolzzz..... security brcheddd....hahaha.

this trick will work in many sites soo njoyy websitess

thnxx for rding this tutorial made by Devendra
caution:1. only for eduional purpose .
2. use proxy,vpn. short hide ur ip. :)

No comments:

Post a Comment