Hacking Sites With DNN Very Easy

DNN (DotNetNuke) Gallery All Version Remote File Upload without Authentication

Bug Found by Alireza Afzali From ISCN Team

Date of finding bug : 2008/05/5

Over 10 military websites and 20 state websites of the United States of America were defaced by
this bug


Example Of The Hack

Original Site
http://www.raddho.org/

File In The Root 
http://www.raddho.org/portals/0/badman.txt

So Here Are The Steps:
 
1st Find The DNN

Go To Any Search Engine

Google

And Search This Dork

:inurl:/tabid/36/language/en-US/Default.aspx

See The Results And Target Any site

You Will See This Part In Every Site That You Searched For

/Home/tabid/36/Language/en-US/Default.aspx

Now Replace This With

/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

You Will Enter In The Gallery Page

Now Select

File ( A File On Your Site )

At This Point Copy This JavaScript And Paste It In The Address Bar

http://rapidshare.com/files/349733746/js.txt

You Will Find The Upload Option

Select Root And Upload Your File

Your File Then Will Be In The Root

Then Put This In End Of URL

portals/0/yourfile.yourfile format

You're Done Enjoy !!!
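
For site owners, the request pattern in the steps above shows up in IIS logs. The following is an added example, not part of the original post: it scans W3C extended log text for successful anonymous requests to the gallery page and lists later requests under /portals/ from the same client. The log lines, IP addresses, user name and field selection are constructed, and treating a `-` in cs-username as anonymous is an assumption.

```python
# Added example: flag access to the FCK link-gallery page named in the post
# using IIS W3C extended logs. All sample log lines below are constructed.
GALLERY = "/providers/htmleditorproviders/fck/fcklinkgallery.aspx"

SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2008-05-06 10:00:01 GET /Home/tabid/36/Language/en-US/Default.aspx - 198.51.100.7 200
2008-05-06 10:02:11 GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 203.0.113.9 200
2008-05-06 10:02:40 POST /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 203.0.113.9 200
2008-05-06 10:03:05 GET /portals/0/badman.txt - 203.0.113.9 200
2008-05-06 10:04:00 GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx editor1 198.51.100.20 200
2008-05-06 10:05:00 GET /portals/0/logo.gif - 198.51.100.7 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):
                yield dict(zip(fields, parts))

def find_gallery_abuse(text):
    """Return {client_ip: [events]} for anonymous gallery hits and what followed."""
    findings = {}
    for r in parse_w3c(text):
        stem, ip = r["cs-uri-stem"].lower(), r["c-ip"]
        # Assumption: "-" means no authenticated user was logged by IIS.
        anonymous = r["cs-username"] == "-"
        if stem == GALLERY and anonymous and r["sc-status"] == "200":
            findings.setdefault(ip, []).append((r["time"], r["cs-method"], "gallery"))
        elif ip in findings and stem.startswith("/portals/"):
            # Same client later requesting a portal file: review that file on disk.
            findings[ip].append((r["time"], r["cs-method"], r["cs-uri-stem"]))
    return findings

if __name__ == "__main__":
    for ip, events in find_gallery_abuse(SAMPLE_LOG).items():
        print(ip, events)
```

Any client it reports is a lead for review: compare the listed /portals/ paths against files the site's editors actually uploaded.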
 