Websites running Joomla v.1.5 are vulnerable to a remote admin password change. We can do this simply by using a direct string that takes us to the "token confirmation page" (the true admin WOULD receive the token in his e-mail, but we're not the TRUE admin :). After doing that, we just put the " ' " char in the token field to bypass the authentication and REMOTELY change the admin's passwd.

The problem is found in the file ../components/com_user/models/reset.php (lines 111 - 130).

The victim was "USP - Universidade de São Paulo - RPM Section".

Secunia Advisory: SA31457
CVE-2008-3681
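The kind of token check that fails on a " ' " token, next to a hardened version, as an added example (not Joomla's code and not the original author's). It assumes the token is stripped of non-alphanumeric characters before lookup, that accounts with no pending reset store an empty token, and that valid tokens are 32 alphanumeric characters; the function names and the user table are constructed.

```php
<?php
// Constructed sample user table: 'activation' holds the pending reset token
// and is empty for accounts with no reset in progress (assumed layout).
$users = [
    ['id' => 62, 'username' => 'admin', 'activation' => ''],
    ['id' => 63, 'username' => 'alice', 'activation' => 'c4ca4238a0b923820dcc509a6f75849b'],
];

// Flawed check: the token is filtered, then matched as-is. A token made only
// of filtered characters becomes '' and equals every empty activation field.
function confirmResetFlawed(array $users, string $token): ?int
{
    $token = preg_replace('/[^A-Za-z0-9]/', '', $token);
    foreach ($users as $u) {
        if ($u['activation'] === $token) {
            return $u['id'];
        }
    }
    return null;
}

// Hardened check: reject anything that is not a well-formed 32-character
// token before the lookup, never match an empty stored value, and compare
// in constant time.
function confirmResetHardened(array $users, string $token): ?int
{
    if (!preg_match('/\A[A-Za-z0-9]{32}\z/', $token)) {
        return null;
    }
    foreach ($users as $u) {
        if ($u['activation'] !== '' && hash_equals($u['activation'], $token)) {
            return $u['id'];
        }
    }
    return null;
}

// Run both checks over a quote-only token, an empty token and a valid one.
foreach (["'", '', 'c4ca4238a0b923820dcc509a6f75849b'] as $t) {
    printf("%-36s flawed=%-5s hardened=%s\n",
        var_export($t, true),
        var_export(confirmResetFlawed($users, $t), true),
        var_export(confirmResetHardened($users, $t), true));
}
```

The format check has to run before any lookup, and the stored token should be cleared once a reset completes so it cannot be replayed.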