There was an error in this gadget
There was an error in this gadget

Friday, February 19, 2010

Hacking Sites With DNN Very Easy

PLEASE USE PROXY SO YOU DONT GET CAUGHT 

DNN (DotNetNuke) Gallery All Version Remote File Upload without Authentication

Over 10 military website and 20 state of United State of america Defaced by
this bug


Example Of The Hack

Orignal Site

http://www.raddho.org/

File In The Root

http://www.raddho.org/portals/0/badman.txt

The Song In Below Video Is Really Funny

http://www.raddho.org/portals/0/badman.flv
 
1st Find The DNN

Go To Any Search Engine

Google

And Search This Dork

:inurl:/tabid/36/language/en-US/Default.aspx

See The Results And Target Any site

You Will See This Part In Every Site That You Searched For

/Home/tabid/36/Language/en-US/Default.aspx

Now Replace This With

/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

You Will Enter In The Gallery Page

Now Select

File ( A File On Your Site )

At This Point Cope This Java Script And Paste It In The Address Bar

http://rapidshare.com/files/349733746/js.txt

You Will Find The Upload Option

Select Root And Upload Your File

Your File Then Will Be In The Root

Then Put This In End Of URL

portals/0/yourfile.yourfile format

Your Done Enjoy !!!
 
UPDATE:
Another Link For The Java Script

http://www.MegaShare.com/1805108 
 
PLEASE USE PROXY SO YOU DONT GET CAUGHT 

No comments:

Post a Comment

There was an error in this gadget
There was an error in this gadget