Joomla exploit. Allows visitor to change admin password

Joomla exploit. Allows visitor to change admin password There has been a major joomla exploit that has been discovered that allows mere visitors to change the admin password to whatever they like…

Yeah, Did you notice since that exploit was released, Every skid has been hacking into joomla sites now, That haven't been patched.:@

yup. amazing that eh? but seriously, it's a pretty big flaw, u look at the milw0rm article and the code, you reckon someone would have noticed earlier, white-black-grey. Not at all saying i would have noticed it until shown to me, however i had more faith in the dev's there. I've been using joomla for a few years now, never touched 1.5 just cos of how much the 1.1versions grew. but, now i write my own cms systems, that are probably exploitable as all hell, but with mates like richo, it's the best way for me to lean. build a dynamic php site, following standards and security standards, then hack the shizen out of it(usually i can't, it takes another). anywho, anyone want to diig that article, would love the love :P

I wonder how long this has been known and just kept as a secret weapon. Thats a great find.

korg wrote: Yeah, Did you notice since that exploit was released, Every skid has been hacking into joomla sites now, That haven't been patched.:@

I wouldn't say that they hacked anything :angry:

I know what you mean, Using posted exploits is bullshit but skids love them and still call it a hack.