The BlogEngine.Net Exploit
by The Uni-Hacker on May.04, 2008, under Security
The js.axd handler in BlogEngine.NET version 1.3, the culprit in this exploit, serves up .js files. The problem is that a bug in js.axd allowed any file to be delivered, including the web.config file. A hacker first starts his attack by identifying a blogger using the 1.3.0.x version. Basically, you can use a Google search to find these sites.
BlogEngine.Net stores all its usernames and passwords in a txt file in plain text. This is the developers' first mistake, and probably the biggest one. Using the js.axd file you can get the users.xml file which contains these usernames and passwords. Come on, this has to be the most poorly programmed system I've seen so far. Plain text passwords? Come on…
Now that you have the BlogEngine.Net usernames and passwords, you can simply log into that blog and do what you need to do. Most of the time hackers leave behind some sort of signature or graphic on the home page. Personally, I would just email the owner a list of his usernames and passwords and have him pay me to fix it or at least have someone else fix it.
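For a site owner, the practical question is whether js.axd was ever asked for something other than a script. The sketch below is an added example, not code from this post or from BlogEngine.NET: it scans IIS W3C logs for such requests. The log lines are constructed, and the query parameter name `file` is a placeholder that the check does not rely on.

```python
from urllib.parse import parse_qsl

# Constructed IIS W3C log excerpt (not real traffic). The parameter name
# "file" is a placeholder; the check looks only at query values.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2008-05-01 10:00:01 GET /blog/js.axd file=/blog/js/blog.js 192.0.2.10 200
2008-05-01 10:00:07 GET /blog/js.axd file=/web.config 198.51.100.7 200
2008-05-01 10:00:09 GET /blog/js.axd file=%2Fusers.xml 198.51.100.7 200
2008-05-01 10:00:12 GET /blog/default.aspx - 192.0.2.10 200
2008-05-01 10:00:15 GET /blog/JS.AXD file=/Web.Config 203.0.113.5 404
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def suspicious_js_axd(text):
    """Return (client_ip, requested_value, status) for every js.axd request
    whose query asks for something that is not a .js file."""
    hits = []
    for req in parse_w3c(text):
        if not req.get("cs-uri-stem", "").lower().endswith("/js.axd"):
            continue
        query = req.get("cs-uri-query", "-")
        if query == "-":  # IIS logs an empty query string as "-"
            continue
        for _name, value in parse_qsl(query):  # parse_qsl percent-decodes
            if not value.lower().endswith(".js"):
                hits.append((req["c-ip"], value, int(req["sc-status"])))
    return hits


def delivered(hits):
    """Keep only hits answered with 200, i.e. the file was actually served."""
    return [h for h in hits if h[2] == 200]


if __name__ == "__main__":
    for ip, value, status in suspicious_js_axd(SAMPLE_LOG):
        print(f"{ip} requested {value!r} via js.axd -> HTTP {status}")
```

Any hit that `delivered()` keeps for users.xml or web.config means the stored passwords and configuration secrets should be treated as exposed and changed.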
