1- Finding Exploit And Target
Google dork: inurl:"option=com_mytube"
Type that Dork in Google.
2- Inject Target
Find a url like this:
http://site.com/index.php?option=com_mytube&Itemid=88..
Now replace the url like this:
Click here to view: http://pastebin.com/ZxxU8Nsr
If the site is vulnerable, you can see something like this:
We can see username, email and activation code. (username:email:activation code)
Now, let this page open and open a new page.
3- Admin password reset
Go to:
http://www.site.com/index.php?option=com_user&view=reset
This is standard Joomla! query for password reset request
Type the email adress found in step 2 and press Submit.
The activation code should be resetted.
Google dork: inurl:"option=com_mytube"
Type that Dork in Google.
2- Inject Target
Find a url like this:
http://site.com/index.php?option=com_mytube&Itemid=88..
Now replace the url like this:
Click here to view: http://pastebin.com/ZxxU8Nsr
If the site is vulnerable, you can see something like this:
We can see username, email and activation code. (username:email:activation code)
Now, let this page open and open a new page.
3- Admin password reset
Go to:
http://www.site.com/index.php?option=com_user&view=reset
This is standard Joomla! query for password reset request
Type the email adress found in step 2 and press Submit.
The activation code should be resetted.
0 comments:
Post a Comment