Follow us on Twitter!
Ideas are far more powerful than guns.
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 30
Guests Online: 30
Members Online: 0

Registered Members: 82838
Newest Member: w1zarrd
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Author

Joomla exploit. Allows visitor to change admin password


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-08-08 05:42
Joomla exploit. Allows visitor to change admin password
There has been a major joomla exploit that has been discovered that allows mere visitors to change the admin password to whatever they like...


Author

RE: Joomla exploit. Allows visitor to change admin password

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 20-08-08 08:05
Yeah, Did you notice since that exploit was released, Every skid has been hacking into joomla sites now, That haven't been patched.Angry


i57.photobucket.com/albums/g215/korg1269/shodan13.jpg

I deal in pain, All life I drain, I dominate, I seal your fate.
O R
Author

RE: Joomla exploit. Allows visitor to change admin password


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-08-08 11:58
yup. amazing that eh? but seriously, it's a pretty big flaw, u look at the milw0rm article and the code, you reckon someone would have noticed earlier, white-black-grey. Not at all saying i would have noticed it until shown to me, however i had more faith in the dev's there. I've been using joomla for a few years now, never touched 1.5 just cos of how much the 1.1versions grew. but, now i write my own cms systems, that are probably exploitable as all hell, but with mates like richo, it's the best way for me to lean. build a dynamic php site, following standards and security standards, then hack the shizen out of it(usually i can't, it takes another).
anywho, anyone want to diig that article, would love the love Pfft




Author

RE: Joomla exploit. Allows visitor to change admin password

Infam0us
Member



Posts: 153
Location: 0x080484c6
Joined: 06.09.07
Rank:
Apprentice
Posted on 20-08-08 14:01
I wonder how long this has been known and just kept as a secret weapon. Thats a great find.

korg wrote:
Yeah, Did you notice since that exploit was released, Every skid has been hacking into joomla sites now, That haven't been patched.Angry


I wouldn't say that they hacked anything :angry:


"Never memorize what you can look up in books." -Albert Einstein
www.rohitab.com/discuss/style_emoticons/default/suicide_anim.gif
[img]http://www.hellboundhackers.org/fusion_infusions/buddy_panel/buddy_delete.php?id=2783[/img]


[img]javasc ript:alert(document.cookie);[/img]
Author

RE: Joomla exploit. Allows visitor to change admin password

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 20-08-08 14:34
I know what you mean, Using posted exploits is bullshit but skids love them and still call it a hack.


i57.photobucket.com/albums/g215/korg1269/shodan13.jpg

I deal in pain, All life I drain, I dominate, I seal your fate.
O R