One of my sites uses Joomla! and the last day the password of the admin was changed. Shit! I thought that I had an intruder. Carefull inspection showed that there was nobody on the server beside me - the hacker could have gained my user account, but I remember what I did the last time so only the password was changed. Now I found out that the hacker used password remind flaw. After upgrade, I logged into the DB and updates the password with MD5 hash obtained from Paj's Home: Crypto... site.
UPDATE jos_users SET password='MD5HASH' WHERE id='???';
FLUSH PRIVILEGES;
Alternatively, I could use this
UPDATE jos_users SET password=PASSWORD('???') WHERE id='???';
FLUSH PRIVILEGES;
but then it is better to remove the .mysql history file!
No comments:
Post a Comment