Symlink + Bypass AdminPanel Joomla Exploit
Some attackers may determine that a website running on Joomla! site-web.com/administrator
But in some cases, when you type /administrator/ index.php automatically redirects us, then practically the attacker gives up because it thinks that the website is Joomla admin panel but has another name or another direction.
That happens for settings that the administrator has made to your Joomla, Plugin installed AdminExile [/ b] that allows administrators to add an access key to the end of the URL that redirects to erroneous entries page beginning on page 404, or anywhere else without seeing the login panel administrator.
- www.site-web.com/administrator/ <------------ redirects at index.php
- www.site-web.com/administrator/?key <------------ Admin panel
Once you have clicked on the second link, AdminExile password will be active until the session expires (or until the browser is closed).
For this case, I made a video demonstrating where achievement easily get the key (key) to enter the administrative site without problems.