3

i use many methods too login in to joomla admin panel. but the returned value is same az the login page. even when the username and password are correct.

example:

WebClient Client = new WebClient();
System.Collections.Specialized.NameValueCollection Collection = 
    new System.Collections.Specialized.NameValueCollection();
Collection.Add("username", "--my username--");
Collection.Add("passwd", "--my password--");
Collection.Add("option", "com_login");
Colletion.Add("e0484cdc56d8ccc42187d26a813324ba", "1");
Collection.Add("lang", "");

Client.Proxy = null;
byte[] res = Client.UploadValues(
    "http://127.0.0.1/administrator/index.php", "POST", Collection);
textBox1.Text = Encoding.UTF8.GetString(res, 0, res.Length);
Uwe Keim
  • 39,551
  • 56
  • 175
  • 291
Ali
  • 33
  • 4

1 Answers1

2

the problem is with this line:

Colletion.Add("e0484cdc56d8ccc42187d26a813324ba", "1");

which is joomla's CSRF anti-spoofing token. Joomla! attempts to protect againt CSRF by inserting a this token into each POST form and each GET query string that is able to modify something in the Joomla! system. This random string provides protection because not only does the compromised site need to know the URL of the target site and a valid request format for the target site, it also must know the random string which changes for each session and each user.

In order to sent a correct token with your login request you'd have to:

  1. Firstly request a correct log-in form by GET using the "Client object" request
  2. Retrieve the token with regex /name="([a-zA-z0-9]{32})"/
  3. Send the log-in request with the token

Good Luck

EDIT: To your "collection" add one more param:

Collection.Add("task", "login");
WooDzu
  • 4,771
  • 6
  • 31
  • 61