Website Hacking with Dot net nuke exploit



In this tutorial I will tell you how hackers use a simple dot net nuke exploit to hack a website, Now the exploit I am talking about is found in hundreds and hundreds on DNN applications and it allows the hacker to upload an image on your server, This type of attack is also called one way Hacking and at the end of article I have also posted some countermeasures to help you defend your self against these kinds of attack

You might be interested in reading some related posts at HT:

  Common methods to hack a website
    Note:The Purpose of this tutorial is not to excite hackers but to make your aware of how hackers can Hack your websites

    Google Dork

    A google dork is an act of using google provided search terms to obtain a specific result and this DNN vulnerability occurs only in those websites which have "/portals/0" in their navigation, So goahead and search for inurl:”/portals/0″ where inurl asks the google to display all the url's who have /portals/0 in their navigation

    1.Lets say the vulnerable website is:

     www.vulnerablewebsite.com//portals/0


    2.Now we will just add Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx after the url so www.vulnerablewebsite.com/portals/0 will become www.vulnerablewebsite.com/portals/0Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

    3.Now a website is vulnerable to this type of attack you will get a similar windows like the below one:
    ( Note: For security Reasons I am not showing the site name.)
    After selecting the third option, replace the URL bar with below script


    javascript:__doPostBack('ctlURL$cmdUpload','')

    After running this JAVA script, you will see the option for Upload Selected File. Now select you image file which you have renamed as SHM.jpg & upload here. Go to main page and refresh...THAT,S IT you have hacked the website.
    (SHM.jpg must be image at homepage. Or else if any other image is present just use same name and replace that image)
    Note: Updated Version of Post here