1- Finding Exploit And Target
Google dork: inurl:"option=com_mytube"
Type that Dork in Google.
2- Inject Target
Find a url like this:
http://site.com/index.php?option=com_mytube&Itemid=88..
Now replace the url like this:
Click here to view: http://pastebin.com/ZxxU8Nsr
If the site is vulnerable, you can see something like this:
We can see username, email and activation code. (username:email:activation code)
Now, let this page open and open a new page.
3- Admin password reset
Go to:
http://www.site.com/index.php?option=com_user&view=reset
This is standard Joomla! query for password reset request
Type the email adress found in step 2 and press Submit.
The activation code should be resetted.
Return to the first page, refresh the page and take the new activation code.
Paste him in the token and press Submit.
problem with token.. :((
UPDATE: Joomla! 1.5.16 now hashes the reset token
if you see a thing like :$1$14411: after the activation code, it will not work
4- Admin Login
If you done everything ok, your Password page will load. Enter your new password...
After that go to:
http://www.site.com/administrator/
Standard Joomla portal content management system
Enter the username (found in step 2) and your new password, click on Login
Go to Extensions >> Template Manager >> Default Template Name >> Edit HTML
In Template HTML Editor insert your defaced code, click Apply, Save and you are done!!!
Google dork: inurl:"option=com_mytube"
Type that Dork in Google.
2- Inject Target
Find a url like this:
http://site.com/index.php?option=com_mytube&Itemid=88..
Now replace the url like this:
Click here to view: http://pastebin.com/ZxxU8Nsr
If the site is vulnerable, you can see something like this:
We can see username, email and activation code. (username:email:activation code)
Now, let this page open and open a new page.
3- Admin password reset
Go to:
http://www.site.com/index.php?option=com_user&view=reset
This is standard Joomla! query for password reset request
Type the email adress found in step 2 and press Submit.
The activation code should be resetted.
Return to the first page, refresh the page and take the new activation code.
Paste him in the token and press Submit.
problem with token.. :((
UPDATE: Joomla! 1.5.16 now hashes the reset token
if you see a thing like :$1$14411: after the activation code, it will not work
4- Admin Login
If you done everything ok, your Password page will load. Enter your new password...
After that go to:
http://www.site.com/administrator/
Standard Joomla portal content management system
Enter the username (found in step 2) and your new password, click on Login
Go to Extensions >> Template Manager >> Default Template Name >> Edit HTML
In Template HTML Editor insert your defaced code, click Apply, Save and you are done!!!