「Neuromancer」Hacking sites with Joomla (Universidade USP)
Loading...
Uploaded by neurom4nc3r on Jan 16, 2010
Websites running Joomla v.1.5 are vulnerable to remote admin password change, we can do this simply using a direct string that will take us to the "token confirmation page" (The true admin WOULD receive the token in his e-mail, but we're not the TRUE admin :). After do that, we just put the " ' " char in the token field to bypass the authentication and change REMOTELY the admin's passwd.
The problem is found in file : ../components/com_user/models/reset.php (lines 111 - 130)
The victim was "USP - Universidade de São Paulo - RPM Section"
Subscribe and watch more attack techniques from neuromancer: www.youtube.com/neurom4nc3r
Secunia Advisory: SA31457
CVE-2008-3681
- 9 likes, 3 dislikes
-
View attributions »
Uploader Comments (neurom4nc3r)
All Comments (17)
-
Hmm it ask me to verify from E-mail from admin hmm
-
It doesnt matter, you were Pwoned and Punked! The Police will laugh at you if you saay 'waynnnnhh... My joomla site was pwoned"
-
It doesnt matter, you were Pwoned and Punked!
-
@barkerAU linux -.-
-
I know this mac ;p'
-
@neurom4nc3r haha, maybe, for somone is it good!! :D
- 4:37
How To hack Website Joomlaby bleard0077,979 views
- 2:35
Exploit Joomla 1.5.aviby puntocomvirtual27,662 views
- 1:17
Hacking Joomla with Exploitby 8l4c0d3r8,833 views
- 0:58
Reset Admin Password for Joomlaby JoomSites7,683 views
- 3:35
how to hack joomlaby orlandzeqiri40,154 views
- 5:05
Hacking Sites via CMDby geterdun35111,450 views
- 6:40
Hacking Joomla Admin Panel - By Pak Cyber Pyratesby sadprincessinsadland6,318 views
- 2:53
Hack joomlaby hakermal3,995 views
- 4:17
Vulnerabilidad de Joomla 1.5by androidez113,000 views
- 5:19
Joomla com_bookflip hack !by MalesiaHackersGroup2,808 views
- 2:22
Hack Server By Joomla Token Scanner :Dby MrMeroTv2,513 views
- 8:34
Hacking Websites - You think you are secure?by videosbyjoshjones3,701 views
- 5:07
Hack joomla (tuto by: aaTT@ckby diti22116,101 views
- 10:52
Joomla Hack by r3dLineby r3dLinekHg8,253 views
- 3:20
Hacking the Adminby skrelet67,777 views
- 7:11
JoomScan (Official Team Nuts)by OfficialTeamNuts4,070 views
- 5:24
Hacking websites with XSS Shell (tutorial by Killer-TR)by killer302741,918 views
- 2:43
HACKING WEBSITESby VIDEOSARENOW8,335 views
- 4:57
How to reset the Joomla Administrator passwordby BuildAJoomlaWebsite4,115 views
- 2:19
JSploit (Joomla Exploitation Framework) 0.1v Beta Testingby zerothunderhacker2,269 views
Nice music... what's it called?
ubudog32 9 months ago
@ubudog32 Excuse the delay dude, the song is called "Synth Solo" (hidden track) from Children of Bodom
neurom4nc3r 1 month ago
It doesn't work. You actually have to enter the token sent to the email address of the administrator, so you'd have to hack the admin's account first.
rafvrab 1 year ago
@rafvrab you're wrong. See the vid again
neurom4nc3r 7 months ago
hehe, this does not work any more. Joomla have edited it in the files!! :D
martinkolle95 1 year ago 2
@martinkolle95 yeah, its very very rare in nowadays as all old vulnerabilities. Today we have new ones, and thats is good (or not). lol.
neurom4nc3r 1 year ago 3