Menu
 

There are different ways to hack a Joomla based website ...But today i am posting
one of the finest way to hack Joomla websites....

Tutorial to hack Joomla websites

First Of all you input this

Google Dork :

inurl:"option=com_mytube"


enter this dork in Google search box...

Next is injecting the target


See for this URL:
http://site.com/index.php?option=com_mytube&Itemid=88...

Now You have to replace the url like this:

Click On LinkHere

If the site is vulnerable, you can see the image like this shown below:

We can see username, email and activation code. (username:email:activation code)

Now, let this page open and open a new page.

3- Admin password reset


Go to:

http://www.site.com/index.php?option=com_user&view=reset

This is standard Joomla! query for password reset request


Type the email adress found in step 2 and press Submit.

The activation code should be resetted.

Return to the first page, refresh the page and take the new activation code.

Paste him in the token and press Submit.

problem with token.. :((

UPDATE: Joomla! 1.5.16 now hashes the reset token

if you see a thing like :$1$14411: after the activation code, it will not work

4- Admin Login


If you done everything ok, your Password page will load. Enter your new password...
After that go to:

http://www.site.com/administrator/


Standard Joomla portal content management system

Enter the username (found in step 2) and your new password, click on Login
Go to Extensions >> Template Manager >> Default Template Name >> Edit HTML

In Template HTML Editor insert your defaced code, click Apply, Save and you are done!!!

You have now successfully hacked Joomla web site...:)

Post a Comment

Post a Comment

Feel Free To Ask Your Query we Love To Answer

 
Top