Wednesday, 12 June 2013

Joomla Password Reset vulnerability



Joomla Password Reset vulnerability : Explain with Live demo : 


website  : http://miit.unikl.edu.my/ 


The tricks is like this:

1. Go to http://miit.unikl.edu.my/index.php?option=com_user&view=reset&layout=confirm
then you will be prompt for a token in which the token is suppose already sent to your email,

2. Now, put a single quote ' into field text box "token" and Click OK.
The sql query then will be looks like this : "SELECT id FROM jos_users WHERE block = 0 AND activation = '' "
3. Write new password for admin 4. Go to url : http://miit.unikl.edu.my/administrator/ 5. Login admin with your new password

0 comments:

Post a Comment