1- Finding a Target
Google dork: inurl:"option=com_mytube"
Type that Dork in Google.
2- Inject Target
Find a URL like this:
http://site.com/index.p?option=com_mytube&Itemid=88..
Now replace the URL like this:
Click here to view: http://pastebin.com/ZxxU8Nsr
If the site is vulnerable, you can see something like this:
We can see username, email and . (username:email: )
Now leave this page open and open a new one.
3- Admin reset
Go to:
http://www.site.com/index.p?option=com_user&view=reset
This is the standard Joomla! query for a reset request.
Type the email address found in step 2 and press Submit.
The should be reset.
Return to the first page, refresh the page and take the new .
Paste it in the token field and press Submit.
problem with token.. :((
UPDATE: Joomla! 1.5.16 now hashes the reset token
If you see something like :$1$14411: after the , it will not work.
4- Admin Login
If you have done everything correctly, your page will load. Enter your new ...
After that go to:
http://www.site.com/administrator/
Standard Joomla portal content management system
Enter the username (found in step 2) and your new , click on Login
Go to Extensions >> Template Manager >> Default Template Name >> Edit HTML
In Template HTML Editor insert your defaced , click Apply, Save and you are done!!!
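Seen from the defender's side, steps 2 to 4 leave an ordered trail in the web server access log: a com_mytube request carrying SQL keywords, then the com_user reset view, then /administrator/ from the same client. The following is an added example, not part of the original post, that flags that sequence; the combined log format, the keyword list, the sample log lines and the placeholder parameter name PARAM are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')
# Assumption: short generic keyword list; align it with your own WAF/IDS rules.
SQLI_RE = re.compile(r"\b(union\s+(all\s+)?select|information_schema|concat\s*\()", re.I)
STAGES = ("mytube_sqli", "password_reset", "admin_access")

def classify(url):
    """Map one request URL to a stage of the sequence in the post, or None."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    option = query.get("option", [""])[0]
    if option == "com_mytube" and SQLI_RE.search(unquote_plus(parts.query)):
        return "mytube_sqli"
    if option == "com_user" and query.get("view", [""])[0] == "reset":
        return "password_reset"
    if parts.path.startswith("/administrator"):
        return "admin_access"
    return None

def detect(lines):
    """Return {client_ip: [stages reached, in order]} for clients that started the chain."""
    progress = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, url, _status = m.groups()
        stage = classify(url)
        reached = progress[ip]
        # Advance only when this request is the next expected stage for the client.
        if stage and len(reached) < len(STAGES) and stage == STAGES[len(reached)]:
            reached.append(stage)
    return {ip: stages for ip, stages in progress.items() if stages}

# Constructed sample log lines (documentation IP ranges, placeholder parameter PARAM).
SAMPLE = [
    '203.0.113.7 - - [10/Jun/2010:10:00:01 +0000] "GET /index.php?option=com_mytube&Itemid=88&PARAM=1+union+select+1,2 HTTP/1.1" 200 5120',
    '198.51.100.4 - - [10/Jun/2010:10:00:05 +0000] "GET /index.php?option=com_mytube&Itemid=88 HTTP/1.1" 200 4096',
    '203.0.113.7 - - [10/Jun/2010:10:01:12 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 3072',
    '198.51.100.4 - - [10/Jun/2010:10:02:00 +0000] "GET /administrator/ HTTP/1.1" 200 2048',
    '203.0.113.7 - - [10/Jun/2010:10:03:40 +0000] "POST /administrator/index.php HTTP/1.1" 303 0',
]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

A client that reaches all three stages warrants immediate review of the administrator accounts and the active template files.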