|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 72
Members: 0
Total: 72
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Joomla15 deface |
|
Posted: Mon Jun 15, 2009 7:06 pm |
|
|
shyspy |
Advanced user |
|
|
Joined: Jun 08, 2009 |
Posts: 60 |
|
|
|
|
|
|
|
Hello,
joomla is not very easy to deface Or hack.
Came accross this http://www.cedricmccormick.com/
Please share more info on how it must have been done.
Also if any1 know how to deface an joomla1.5 please direct me. |
|
|
|
|
Posted: Wed Jun 17, 2009 7:08 pm |
|
|
HashManiac |
Regular user |
|
|
Joined: May 13, 2009 |
Posts: 17 |
|
|
|
|
|
|
|
dude .. Joomla is easiest hacking script I think. |
|
|
|
|
|
- |
|
Posted: Thu Jun 18, 2009 8:12 am |
|
|
shyspy |
Advanced user |
|
|
Joined: Jun 08, 2009 |
Posts: 60 |
|
|
|
|
|
|
|
HashManiac wrote: | dude .. Joomla is easiest hacking script I think. |
Hi,
Can you share some more info and if possible show me how to.
I have been searching for it since long but found some joomla1 stuff nothing really working for j1.5 |
|
|
|
|
Posted: Thu Jun 18, 2009 1:03 pm |
|
|
gibbocool |
Advanced user |
|
|
Joined: Jan 22, 2008 |
Posts: 208 |
|
|
|
|
|
|
|
There is an exploit for 1.5 that lets you reset the administrator's password.. It's kinda tricky tho and requires some practice, so practice by installing joomla on your own server first..
1. Go to url : target.com/index.php?option=com_user&view=reset&layout=confirm
2. Write into field "token" char: ' and Click OK.
3. Write new password for admin
4. Go to url : target.com/administrator/
5. Login admin with new password |
|
|
|
|
|
- |
|
Posted: Thu Jun 18, 2009 1:31 pm |
|
|
shyspy |
Advanced user |
|
|
Joined: Jun 08, 2009 |
Posts: 60 |
|
|
|
|
|
|
|
gibbocool wrote: | There is an exploit for 1.5 that lets you reset the administrator's password.. It's kinda tricky tho and requires some practice, so practice by installing joomla on your own server first..
1. Go to url : target.com/index.php?option=com_user&view=reset&layout=confirm
2. Write into field "token" char: ' and Click OK.
3. Write new password for admin
4. Go to url : target.com/administrator/
5. Login admin with new password |
Hey nice info but doesn't work.
I tried it on my systemsolution.biz - just check it out its not working. |
|
|
|
|
Posted: Thu Jun 18, 2009 1:59 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
As I can understand, you have installed newest version of Joomla, with no third-party add-ons? So what do you expect, 0-day exploits for Joomla? 0-days are valuable resource, they are kept in secret |
|
|
|
|
Posted: Fri Jun 19, 2009 12:50 am |
|
|
gibbocool |
Advanced user |
|
|
Joined: Jan 22, 2008 |
Posts: 208 |
|
|
|
|
|
|
|
Yes it doesnt work because you must have a patched version of joomla, or maybe something like magicquotes is preventing the exploit. |
|
|
|
|
|
- |
|
Posted: Fri Jun 19, 2009 5:43 am |
|
|
shyspy |
Advanced user |
|
|
Joined: Jun 08, 2009 |
Posts: 60 |
|
|
|
|
|
|
|
K ! i will try it on a few old versions..
thanks for the information. |
|
|
|
|
|
its even not workin for me |
|
Posted: Sat Jun 20, 2009 3:58 am |
|
|
Cykotic_Cner |
Beginner |
|
|
Joined: Jun 20, 2009 |
Posts: 3 |
|
|
|
|
|
|
|
i even tried d exploit ...but its not working..........i think Joomla must hav patched d loop hole............ |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|