Wednesday, June 2, 2010

Hacking Sites With DNN Very Easy

DNN (DotNetNuke) Gallery All Versions Remote File Upload without Authentication

Bug Found by Alireza Afzali From ISCN Team

Date of finding bug : 2008/05/5

Over 10 military websites and 20 state sites of the United States of America were defaced by
this bug


Example Of The Hack

Original Site

http://www.raddho.org/

File In The Root

http://www.raddho.org/portals/0/sat.png


1st Find The DNN

Go To Any Search Engine

Google

And Search This Dork

:inurl:/tabid/36/language/en-US/Default.aspx

See The Results And Target Any site

You Will See This Part In Every Site That You Searched For

/Home/tabid/36/Language/en-US/Default.aspx

Now Replace This With

/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

You Will Enter In The Gallery Page

Now Select

File ( A File On Your Site )

At This Point Copy This JavaScript And Paste It In The Address Bar

http://www.2shared.com/file/11522797/f1cabb68/js_online.html

You Will Find The Upload Option

Select Root And Upload Your File

Your File Then Will Be In The Root

Then Put This In End Of URL

portals/0/yourfile.yourfile format

You're Done Enjoy !!!
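
For site owners checking whether a DNN install was hit this way, here is an added example (not part of the original post) that scans an IIS W3C log for anonymous requests to the fcklinkgallery.aspx page and lists what the same client then fetched under /portals/. The log lines, IP addresses and file names are constructed, and it assumes the log records cs-username for signed-in users.

```python
"""Flag anonymous use of the DNN FCK link gallery page in an IIS W3C log."""

GALLERY = "/providers/htmleditorproviders/fck/fcklinkgallery.aspx"
PORTAL_PREFIX = "/portals/"

# Constructed sample log: documentation-range IPs and made-up file names.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2010-06-02 10:00:01 198.51.100.7 - GET /Home/tabid/36/Language/en-US/Default.aspx 200
2010-06-02 10:00:09 198.51.100.7 - GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 200
2010-06-02 10:00:31 198.51.100.7 - POST /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 200
2010-06-02 10:00:40 198.51.100.7 - GET /portals/0/sample.png 200
2010-06-02 10:05:00 203.0.113.20 editor1 POST /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 200
2010-06-02 10:06:00 203.0.113.9 - GET /portals/0/logo.gif 200
"""

def parse_w3c(text):
    """Yield one dict per request, named by the log's own #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, parts))

def find_gallery_abuse(text):
    """Map client IP -> gallery hits, POSTs, and /portals/ files fetched afterwards."""
    seen = {}
    for row in parse_w3c(text):
        if row["cs-username"] != "-":
            continue  # assumption: signed-in editors appear with a user name
        stem = row["cs-uri-stem"].lower()  # IIS paths are case-insensitive
        ip = row["c-ip"]
        if stem == GALLERY:
            rec = seen.setdefault(ip, {"hits": 0, "posts": 0, "files": []})
            rec["hits"] += 1
            # ASP.NET postbacks, file uploads included, arrive as POST
            rec["posts"] += int(row["cs-method"] == "POST")
        elif stem.startswith(PORTAL_PREFIX) and ip in seen and row["sc-status"] == "200":
            seen[ip]["files"].append(row["cs-uri-stem"])
    return seen

if __name__ == "__main__":
    for ip, rec in find_gallery_abuse(SAMPLE_LOG).items():
        print(ip, rec)
```

Any anonymous client with a POST to the gallery page followed by a 200 for a file under /portals/ deserves a look at that file and its creation time on disk.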

1 comment:

Parus said...

I do not understand. Please explain with a video. Please send me mail.
