CVE-2008-3681

EXPLOITED

Joomla! 1.5-1.5.5 - Unauthenticated Password Reset via Invalid Reset Token

Title source: llm

Exploitation Summary

CVE-2008-3681 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including d3m0n.

AI-analyzed exploit summary This exploit leverages a SQL injection vulnerability in Joomla 1.5.x's password reset functionality. By injecting a single quote into the token field, an attacker can bypass token validation and reset the admin password.

Description

components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.

Exploits (1)

exploitdb WORKING POC VERIFIED

by d3m0n · textwebappsphp

https://www.exploit-db.com/exploits/6234

View Code ZIP pw:eip

This exploit leverages a SQL injection vulnerability in Joomla 1.5.x's password reset functionality. By injecting a single quote into the token field, an attacker can bypass token validation and reset the admin password.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Joomla 1.5.x

No auth needed

Prerequisites: Access to the Joomla password reset page

MITRE ATT&CK