Sitefinity CMS ASP.Net file upload vulnerability
Author : Mr.JerK74
Shell aspx : [ Download ] password shell : backdoor
Dork : "Sitefinity: Login"
Target : http://www.cyberwolf-software.com/sitefinity/login.aspx
Exploit :
/sitefinity/login.aspx
ganti dengan
/sitefinity/UserControls/Dialogs/DocumentEditorDialog.aspx
lalu klik ( Select ) untuk upload shell, ingat upload shell yang .aspx tadi soalnya ini web berbasis ASP.Net
lalu klik "Upload selected"
Lihat gambar dibawah :
Shell aspx : [ Download ] password shell : backdoor
Dork : "Sitefinity: Login"
Target : http://www.cyberwolf-software.com/sitefinity/login.aspx
/sitefinity/login.aspx
ganti dengan
/sitefinity/UserControls/Dialogs/DocumentEditorDialog.aspx
lalu klik "Upload selected"
Lihat gambar dibawah :
lalu klik "Insert"
jika sudah check di
lalu menuju Penyimpanan shell :
target.com/Files/shell.aspx
Taraa shell aspx nya sudah tertanam :)
[+]Peraturan Komentar[+]
[-] Di Larang Berkomentar yg Berbau Pornografi
[-] Di Larang Spam
[-] Usahakan Menggunakan Kata Yg Sopan Dan Mudah Di Mengerti