How to Hack Joomla Using Token ByPass. !!!!

Today I will Show you how to Bypass Joomla token  and find user name. 

The vulnerability is reported in all 1.5.x versions prior to 1.5.6.

Dork:index.php?option=com_user&view=reset&layout=confirm 

Copy and paste this Dork in google and you will get the result.
For Eg:http://site.com/index.php?option=com_user&view=reset&layout=confirm


After getting this kind of page just put Qoute ( ' )  in the Submit button and then click on Submit.
After that you will get the option to reset the Password. :-)


Once you have reset the Passsword it will show you the login page .
Now you have to find the Username . :-) 
Now go to the URL and paste this dork 
index.php?option=com_fireboard&Itemid=71&func=userlist
 Eg: http://site.com/index.php?option=com_fireboard&Itemid=71&func=userlist

Here you will get the Username for login. :-)
Now you have get the Username and password for the login..Try It . :)

Yeppee...You have access the Administrator Panel..


Note:Special thanks to  Shriniwas.!!!







Commentaires

Enregistrer un commentaire

Posts les plus consultés de ce blog

IBM's Blue Cloud Meets Juniper To Alleviate Cloud Computing Adoption Fears

Security and lack of an acceptable SLA are customers' top adoption fears to move to cloud computing . IBM's recent announcements to further advance their cloud computing initiative known as Blue Cloud should help alleviate these fears to some extent. IBM announced their partnership with Juniper for their hybrid cloud initiative to provide secured private cloud with better SLA. IBM also announced new offerings for the cloud - Tivoli storage as service and a new set of cloud management tools to align with what a typical CIO would look for when migrating to the cloud. In addition IBM is pushing some of their existing offerings on the cloud that customers can now use off Amazon's EC2 on pay-as-you-go subscription model . IBM has been experimenting with the concept of a private cloud for a while. One of such experiments included creating a private virtual cloud inside the firewall to deploy some of the regions of SecondLife with seamless navigation in and out of the firewall....
Lire la suite

Implementation of Cloud Computing Solutions in Federal Agencies : Part 1-Introduction

Image
(This post first appeared on "Cloud Musings on Forbes". This series provides the content of a whitepaper I recently authored. A copy of the complete whitepaper is available at NJVC.com starting September 7, 2011.) Introduction Cloud computing is a new approach in the provisioning and consumption of information technology (IT). While technology is a crucial component, the real value of cloud computing lies in its ability to enable new capabilities or in the execution of current capabilities in more efficient and effective ways. Although the current hype around cloud computing has focused on expected cost savings, the true value is really found in the mission and business enhancements these techniques can provide. When properly deployed, the cloud computing model provides greatly enhanced mission and business capability without a commensurate increase in resource (time, people or money) expenditures. Cloud Computing: Changing the Game The use of commodity components, coupled ...
Lire la suite

Hacking Into The Indian Education System Reveals Score Tampering

Image
Debarghya Das has a fascinating story on how he managed to bypass a silly web security layer to get access to the results of 150,000 ISCE (10th grade) and 65,000 ISC (12th grade) students in India. While lack of security and total ignorance to safeguard sensitive information is an interesting topic what is more fascinating about this episode is the analysis of the results that unearthed score tampering. The school boards changed the scores of the students to give them "grace" points to bump them up to the passing level. The boards also seem to have tampered some other scores but the motive for that tampering remains unclear (at least to me). I would encourage you to read the entire analysis and the comments , but a tl;dr version is: 32, 33 and 34 were visibly absent. This chain of 3 consecutive numbers is the longest chain of absent numbers. Coincidentally, 35 happens to be the pass mark. Here's a complete list of unattained marks - 36, 37, 39, 41, 43, 45, 47, 49, 51, 53,...
Lire la suite