Saturday, April 23, 2011

DOT NET NUKE HACKING




MY DEAR FNDS
Today I will explain a new hacking technique known as DNN (DotNetNuke). I will show you how to hack a DNN website. Is it easy? Yes. It is easy compared to other hacking attacks such as SQL-Injection and Cross Site Scripting. I will teach you how to find your target and how to enter into the target website and upload your files.

DotNetNuke is an open source platform for building web sites based on Microsoft .NET technology. DotNetNuke is mainly provide Content Management System(CMS) for the personal websites.

Below are the easy steps to implement the attack:--
  • First use a google dork to find the appropriate target.
        inurl:”/portals/0″ site:.com
  •  You can change com to your desired domain name like bd ph ae
  • Now search your website on the google after searching you will get many websites choose any one of it.
  • Its time to check the required vulnerability on the website just place this code after the web address.
        Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
  • For example if you got www.victim.com
  • Replace it www.victim.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
  • If you will get this screen means this web is going to hack.
 


  • Now choose the third option “A File On Your Site” And than paste this java code on your address bar.
      javascript:__doPostBack(‘ctlURL$cmdUpload’,”)
  •     It will allow you to upload a files on this website you can upload text ~ swf ~ jpg ~ gif ~ pdf ~ Files.
  • After uploading files you can find your file on this address www.victim.com/portals/0/yourfile. extension here extension is txt jpg swf etc.
  • In our case





About Author

Hi everyone ! I am a Fresher in Cybersec. Gaming, Learning, Sharing with the community is my hobby. I help "students" who are looking to "start" their career in Cybersecurity with my opinions that I learn from my Journey.

You Might Also Like

2 comments:

  1. Thanks for sharing your info. I really appreciate your efforts and I will be waiting for your further write ups thanks once again.
    Vee Eee Technologies

    ReplyDelete

Search This Blog

Powered by Blogger.

Pages