Wednesday, May 18, 2016

How To Joomla Complete Tutorial Step by Step

1- Finding And Target

Google dork:inurl:"option=com_mytube"

Type that Dork in Google.

2- Inject Target

Find a url like this:
Now replace the url like this:

Click here to view:

If the site is vulnerable, you can see something like this:

We can see username, email and . (username:email: )

Now, let this page open and open a new page.

3- Admin reset

Go to:
This is standard Joomla! query for reset request

Type the email adress found in step 2 and press Submit.

The should be resetted.

Return to the first page, refresh the page and take the new .

Paste him in the token and press Submit.

problem with token.. :((

UPDATE: Joomla! 1.5.16 now hashes the reset token

if you see a thing like :$1$14411: after the , it will not work

4- Admin Login

If you done everything ok, your page will load. Enter your new ...

After that go to:

Standard Joomla portal content management system

Enter the username (found in step 2) and your new , click on Login
Go to Extensions >> Template Manager >> Default Template Name >> Edit HTML
In Template HTML Editor insert your defaced , click Apply, Save and you are done!!!

No comments:

Post a Comment