Receive Daily Updates

Enter your email address:

Wednesday, July 13, 2011

Hack Website Using DNN [Dot Net Nuke] Exploit

Hack Website Using DNN [Dot Net Nuke] Exploit
Waaooo it means this website is vulnerable and we can change the front page pic. Now the current image name is SHM.jpg. Rename the new image as SHM.jpg which you want to upload as a proof of you owned the system.
Now here is the exploit
Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
HOW TO RUN ?
Simply copy paste it as shown below:
www.site.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
You will see the portal where it will ask you to upload. Select the third option File ( A File On Your Site
After selecting the third option, replace the URL bar with below script
javascript:__doPostBack('ctlURL$cmdUpload','')
After running this JAVA script, you will see the option for Upload Selected File. Now select you image file which you have renamed as SHM.jpg & upload here. Go to main page and refresh...BINGGOOOOOOOOOOOO you have hacked the website.

5 Visitor Reactions & Comments:

frendhy said...

waw... nice post... i can change image from http://www.wittur.se/. hhhmmmppp, i can hack use sql injection with this way,,,??? please replay, or email me [email protected] tankz... sory, im indonesia...

Amarjit Singh said...

Yes you can. Check our posts related to SQL Injection

JAY PATEL said...

BUT HOW CAN I KNOW IMAGE NAME????

JAY PATEL said...

BUT HOW CAN I KNOW IMAGE NAME?

Amarjit Singh said...

I had found some site that vurln to this methode but i cant find any form to browse my local file,its only shown Link Gallery URL: Use selected link Use Full Path any ideas?? ----------------- IT MEANS THAT WEBSITE IS NO MORE VULNERABLE AND PATCHED UP.. LUK FOR OTHER ONE