Hacking DNN Based Web Sites

Hacking DNN Based Web Sites

Hacking DNN Based Web Sites

Hacking DNN (Dot Net Nuke) CMS based websites is based on the Security Loop Hole in the CMS. For using that exploit we will see the few mentioned points which illustrates us on how to hack any live site based on Dot Net Nuke CMS.

Vulnerability : This is the know Vulnerability in Dot Net Nuke (DNN) CMS. This allows aone user to Upload a File/Shell Remotely to hack that Site which is running on Dot Net Nuke CMS. The Link's for more Information regarding this Vulnerability is mentioned below -

Getting Started : Here we will use the Google Dork to trace the sites that are using DNN (Dot Net Nuke) CMS and are vulnerable to Remote File Upload.

How To Do It : Here, I an mentioning the few points on how to Search for the existing Vulnerability in DNN.

Let's Begin with the Tutorial...

Step 1. Go To http://www.google.com

Step 2. Now Enter this Dork -  :inurl:/tabid/36/language/en-US/Default.aspx

Now you will see the following as mentioned in the below Image -

The above Dork is used for tracing the sites running on the Dot Net Nuke CMS and will provide us the URL which are Vulnerable and which can be manipulated further to Upload Files Remotely.

Step 4. Now we will take an example of the Site Running on DNN which is -  http://www.xyz.com/

Note : For Security Reasons the above domain name cannot be made Public whose Page you are seeing above.

Step 5. Now as we have the above website as Vulnerable and via Google Dork we have also traced the Vulnerable URL in the site and hence before manipulating the same, I will show you in below Image as how does it looks like -

URL Used Is - http://www.xyz.com/Home/tabid/36/Language/en-US/Default.aspx

Step 6. Once we have traced the Vulnerable Site along with the concerned URL. Here is the time to Replace the Above URL with the Vulnerable one.  As mentioned below -

URL To Replace - http://www.xyz.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

Refer the Image as shown below -

Step 7. From the above Step 6 we can understand that we have now got a GUI Interface to Upload A File Remotely. Now replace the whole URL of the above mentioned Image with a JavaScript code. This JavaScript Code will provide us an Interface and will help us to upload any allowed file formats.

JavaScript Code Is - javascript:__doPostBack('ctlURL$cmdUpload','')

Refer the Image below -

From the above Image we can see that we have now a GUI Intreface. Here in that we need to select the radio button where the File is mentioned and make sure as File Locations: you select Root.

Step 8. Once this is all set then Browse and Upload the File which you want to that can be any Shell Code like c99, c100, r57 etc to hack that Site or to Deface that Site.

Step 9. Now you can view your file/shell which you have uploaded at portals/0/uploadedfile.fileformat

Step 10. When you get Permission Issues then set a filter to the Uploader so that you can just upload .jpeg/.jpg/.txt files. Now To Bypass this filter just rename the shell to shell.php;.txt or shell.php;.jpg or any other extension which is allowed.

This way you can Parse the request for the Page/Shell in the Browser and it will read upto .php only. It will not read .txt as ";" sign ends the request. That's It and Now You Are Done..  :)

                                      "KEEP CALM AND STAY AWAKE"




View Rohit Patel's profile on LinkedIn