Websites running Joomla v.1.5 are vulnerable to remote admin password change, we can do this simply using a direct string that will take us to the "token confirmation page" (The true admin WOULD receive the token in his e-mail, but we're not the TRUE admin :). After do that, we just put the " ' " char in the token field to bypass the authentication and change REMOTELY the admin's passwd.
The problem is found in file : ../components/com_user/models/reset.php (lines 111 - 130)
The victim was "USP - Universidade de São Paulo - RPM Section"
Subscribe and watch more attack techniques from neuromancer: / neurom4nc3r
Secunia Advisory: SA31457
CVE-2008-3681
Негізгі бет Ғылым және технология 「Neuromancer」Hacking sites with Joomla (Universidade USP)
Пікірлер: 14