DNN (DotNetNuke) Gallery All Versions Remote File Upload without Authentication
Bug Found by Alireza Afzali From ISCN Team
Date of finding bug: 2008/05/5
Over 10 military websites and 20 state websites of the United States of America were defaced using
this bug
Example Of The Hack
Original Site
http://www.raddho.org/
File In The Root
http://www.raddho.org/portals/0/badman.txt
The Song In Below Video Is Really Funny
So Here Are The Steps:
1st Find The DNN
Go To Any Search Engine
Google
And Search This Dork
:inurl:/tabid/36/language/en-US/Default.aspx
See The Results And Target Any site
You Will See This Part In Every Site That You Searched For
/Home/tabid/36/Language/en-US/Default.aspx
Now Replace This With
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
You Will Enter In The Gallery Page
Now Select
File ( A File On Your Site )
At This Point Copy This JavaScript And Paste It In The Address Bar
http://rapidshare.com/files/349733746/js.txt
You Will Find The Upload Option
Select Root And Upload Your File
Your File Then Will Be In The Root
Then Put This In End Of URL
portals/0/yourfile.yourfile format
You're Done Enjoy !!!
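For site owners checking whether this was used against them, here is an added example (not part of the original post) that scans IIS W3C logs for clients that reached the link gallery page named above and then fetched a file from a portal root. The log lines, IP addresses and file names are constructed, and the field names assume the standard IIS W3C layout.

```python
import re

# Constructed IIS W3C log sample (documentation IPs, hypothetical file names).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2010-02-11 09:14:02 GET /Home/tabid/36/Language/en-US/Default.aspx 198.51.100.7 200
2010-02-11 09:14:40 GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 198.51.100.7 200
2010-02-11 09:15:31 POST /Providers/HtmlEditorProviders/Fck/FckLinkGallery.aspx 198.51.100.7 200
2010-02-11 09:15:58 GET /portals/0/note.txt 198.51.100.7 200
2010-02-11 09:20:11 GET /portals/0/logo.png 203.0.113.20 200
2010-02-11 09:21:45 GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 203.0.113.99 404
"""

# The gallery page from the post; IIS paths are case-insensitive.
GALLERY = re.compile(r"/providers/htmleditorproviders/fck/fcklinkgallery\.aspx$", re.I)
# A file sitting directly in a portal root, e.g. /portals/0/<name>.
PORTAL_FILE = re.compile(r"/portals/\d+/[^/]+$", re.I)

def find_gallery_abuse(log_text):
    """Return {client_ip: {"posts": n, "portal_files": [...]}} for clients that
    reached the gallery page (status 200), with their later portal-root fetches."""
    fields, findings = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column order comes from the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        ip, uri = row.get("c-ip"), row.get("cs-uri-stem", "")
        ok = row.get("sc-status") == "200"
        if GALLERY.search(uri) and ok:
            entry = findings.setdefault(ip, {"posts": 0, "portal_files": []})
            if row.get("cs-method") == "POST":  # form submission, e.g. an upload
                entry["posts"] += 1
        elif ip in findings and PORTAL_FILE.search(uri) and ok:
            findings[ip]["portal_files"].append(uri)
    return findings

if __name__ == "__main__":
    for ip, hit in find_gallery_abuse(SAMPLE_LOG).items():
        print(ip, hit)
```

Any client this returns with a non-zero POST count and portal-root fetches deserves a look at the files in that portal folder and their creation times.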