DotNetNuke website upload vulnerability & prevention




Hello guys! Today we are posting about a DNN (DotNetNuke) exploit. The vulnerability lies in DNN version 5.0 and allows a malicious user to upload a file of their own choosing.

1. Let's assume we have found a website which we own, running DNN, with the following URL:
www.website.com/home/tabid/36/language/en-US/Default.aspx
2. Now, to check whether it's exploitable, replace /home/tabid/36/language/en-US/Default.aspx with this:
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
3. So it will become: www.website.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

4. Hit Enter. If you find something like this: (exploit first made public by Packet Storm)


5. In this case, a hacker can misuse this upload vulnerability in DNN 5.0 and use the JavaScript PostBack utility to upload a file of his or her own choosing. This can be harmful to your server.

How to prevent the DNN file upload vulnerability

The answer is simple: update your DNN to the latest version so that a malicious user no longer gets the option to upload a malicious file. As a webmaster, you should subscribe to security providers and update websites like HackersThirst to get the latest updates.
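
To see whether the link gallery page has already been requested on your own server, you can search the web server logs for it. The script below is an added example, not part of the original post; it assumes IIS logs in W3C extended format, and the sample log lines and IP addresses are constructed for illustration.

```python
# Added example: flag requests to the DNN FCK link gallery page in IIS W3C logs.
TARGET = "/providers/htmleditorproviders/fck/fcklinkgallery.aspx"

# Constructed sample log (documentation IP ranges); not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2013-04-02 10:15:01 GET /home/tabid/36/language/en-US/Default.aspx - 198.51.100.7 200
2013-04-02 10:15:09 GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 203.0.113.5 200
2013-04-02 10:15:40 POST /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 203.0.113.5 200
2013-04-02 10:16:02 GET /providers/htmleditorproviders/fck/FckLinkGallery.aspx - 192.0.2.44 404
"""

def find_gallery_hits(lines):
    """Return one dict per logged request to the link gallery page.

    Column positions are read from each '#Fields:' directive, because IIS
    lets the administrator choose which fields are logged and in what order.
    """
    fields, hits = [], []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # IIS treats paths case-insensitively, so compare in lower case.
        if row.get("cs-uri-stem", "").lower() != TARGET:
            continue
        method, status = row.get("cs-method", ""), row.get("sc-status", "")
        served = status.startswith("2")
        if method == "POST" and served:
            severity = "high"    # a PostBack was accepted: review uploaded files
        elif served:
            severity = "medium"  # the page is reachable and was displayed
        else:
            severity = "low"     # request was made but the server refused it
        hits.append({"when": f"{row.get('date', '?')} {row.get('time', '?')}",
                     "ip": row.get("c-ip", "?"), "method": method,
                     "status": status, "severity": severity})
    return hits

if __name__ == "__main__":
    for hit in find_gallery_hits(SAMPLE_LOG.splitlines()):
        print(hit)
```

Point it at your real log files by passing the lines of each file to find_gallery_hits() in place of the sample.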