TioSam Posted September 6, 2012 Report Posted September 6, 2012 Some attackers may determine that a website running on Joomla! site-web.com/administratorBut in some cases, when you type /administrator/ index.php automatically redirects us, then practically the attacker gives up because it thinks that the website is Joomla admin panel but has another name or another direction.That happens for settings that the administrator has made ??to your Joomla, Plugin installed AdminExile [/ b] that allows administrators to add an access key to the end of the URL that redirects to erroneous entries page beginning on page 404, or anywhere else without seeing the login panel administrator.Example:- www.site-web.com/administrator/ <----- Redirecciona al index.php- www.site-web.com/administrator/?key <----- Admin PanelOnce you have clicked on the second link, AdminExile password will be active until the session expires (or until the browser is closed).For this case, I made a video demonstrating where achievement easily get the key (key) to enter the administrative site without problems.Video:Description: Getting the db settings (web) by Symlink, obtaining administrative username and password, "bypass" adminpane and placing the 0day Java7 Plugin AdminExile: AdminExile - Joomla! Extensions DirectoryGrettings 1 Quote
