SQLi Wordpress

Subyek: SQLi Wordpress Tue Mar 13, 2012 10:36 am

[You must be registered and logged in to see this image.]

Siapa yang tidak kenal dengan wordpress. Ternyata wordpress dapat diexploitkan dengan 1 dork yang bisa dikembangkan. Disini saya akan mengajarkan sedikit dari exploit wordpress. DIsini kita belajar hack wordpress menggunakan SQL Injection.

Date : 24/02/2012 << Verified
Dork : inurl:"fbconnect_action=myhome" << bisa dikembangkan
Tools : havij
Exploit : Forgot Password
[You must be registered and logged in to see this link.]

disini saya akan memberi target...
[You must be registered and logged in to see this link.]
ganti jadi
[You must be registered and logged in to see this link.] fb
Analyzing [You must be registered and logged in to see this link.]
Host IP: 49.50.8.85
Web Server: Apache
Keyword Found: Facebook
Injection type is Integer
Can't find db server type! But maybe there be some chances! [-o<
Selected Column Count is 12
Valid String Column is 6
DB Server: MySQL
Current DB: h80929_wp2

INGET 1 hal penting,,,
[You must be registered and logged in to see this link.]

site = [You must be registered and logged in to see this link.]
QbiDH7xcZJT3d53XnKmB = activation key
admin = username

[You must be registered and logged in to see this link.]
klik lupa password
atau tambahkan <> ?action=lostpassword
[You must be registered and logged in to see this link.]
masukan admin << sebagai username yang ada di table wp-user yang discan melalui havij...

kalau disini saya mendapatkan keynya YU4X3EwGEaHGueg2NA7S
cara mendapatkannya menggunakan havij masuk ke table wp-user
jadi dengan exploit forgot password
[You must be registered and logged in to see this link.]
kita kembangkan...
[You must be registered and logged in to see this link.]

dan masukan password baru kita..
dan akhirnya login...
[You must be registered and logged in to see this link.]
username : admin
password : 34646331

SELAMAT ANDA SUDAH MASUK KE ADMINNYA...

Subyek: Re: SQLi Wordpress Tue Mar 13, 2012 1:15 pm

kok gak berhasil ya di belakanya butuh di tmba tanda >>>> ' ato ga ya...........?

SQLi Wordpress 1082720249

Subyek: Re: SQLi Wordpress Tue Mar 13, 2012 2:50 pm

eh ? udah banyak yang di patch kk

Subyek: Re: SQLi Wordpress Mon Apr 02, 2012 7:13 pm

gan.. hasil ane gagal.. SQLi Wordpress 1082720249

Spoiler:

Subyek: Re: SQLi Wordpress Tue Apr 03, 2012 9:32 am

KucingMangkal wrote:

gan.. hasil ane gagal.. SQLi Wordpress 1082720249

Spoiler:

eet, kalo cari target jangan yang di host langsung dari sitenya wordpress kk.
soalnya kalo yang di host di servernya wp itu udah otomatis update.

jadi sekalinya ketemu yang vulnerable dia akan otomatis ter patch
SQLi Wordpress 1956393079

Subyek: Re: SQLi Wordpress Tue Apr 03, 2012 12:50 pm

key wordpress apa aja ya

Subyek: Re: SQLi Wordpress Tue Apr 03, 2012 1:10 pm

wah main woedpresss neh
mau naya neh keynya apa aja ya :minta:

Subyek: Re: SQLi Wordpress Tue Apr 03, 2012 1:42 pm

kurang jelas tutornya

Subyek: Re: SQLi Wordpress Sun May 13, 2012 9:57 pm

boby1989 wrote:: [You must be registered and logged in to see this image.]

Siapa yang tidak kenal dengan wordpress. Ternyata wordpress dapat diexploitkan dengan 1 dork yang bisa dikembangkan. Disini saya akan mengajarkan sedikit dari exploit wordpress. DIsini kita belajar hack wordpress menggunakan SQL Injection.

Date : 24/02/2012 << Verified
Dork : inurl:"fbconnect_action=myhome" << bisa dikembangkan
Tools : havij
Exploit : Forgot Password
[You must be registered and logged in to see this link.]

disini saya akan memberi target...
[You must be registered and logged in to see this link.]
ganti jadi
[You must be registered and logged in to see this link.] fb
Analyzing [You must be registered and logged in to see this link.]
Host IP: 49.50.8.85
Web Server: Apache
Keyword Found: Facebook
Injection type is Integer
Can't find db server type! But maybe there be some chances! [-o<
Selected Column Count is 12
Valid String Column is 6
DB Server: MySQL
Current DB: h80929_wp2

INGET 1 hal penting,,,
[You must be registered and logged in to see this link.]

site = [You must be registered and logged in to see this link.]
QbiDH7xcZJT3d53XnKmB = activation key
admin = username

[You must be registered and logged in to see this link.]
klik lupa password
atau tambahkan <> ?action=lostpassword
[You must be registered and logged in to see this link.]
masukan admin << sebagai username yang ada di table wp-user yang discan melalui havij...

kalau disini saya mendapatkan keynya YU4X3EwGEaHGueg2NA7S
cara mendapatkannya menggunakan havij masuk ke table wp-user
jadi dengan exploit forgot password
[You must be registered and logged in to see this link.]
kita kembangkan...
[You must be registered and logged in to see this link.]

dan masukan password baru kita..
dan akhirnya login...
[You must be registered and logged in to see this link.]
username : admin
password : 34646331

SELAMAT ANDA SUDAH MASUK KE ADMINNYA...

Mantep Om Succes .. thanks atas infonya

Subyek: Re: SQLi Wordpress Mon Jul 02, 2012 10:16 am

digitalcat wrote:: key wordpress apa aja ya

terus gimana dong mencarinya... ayolah tidak ada salahnya berbagi ilmu :minta:

Subyek: Re: SQLi Wordpress Tue Jul 03, 2012 8:58 am

huum masih bingung mana yang buatan blogspot mana yang buatan wordpress padahal dah pke firebug wat amatin nya SQLi Wordpress 1082720249

Subyek: Re: SQLi Wordpress Thu Sep 06, 2012 3:30 pm

yang baru dong bray :minta:

Subyek: Re: SQLi Wordpress Sun Jan 06, 2013 1:16 am

kok gag dong ya hehee SQLi Wordpress 3529815765

Subyek: Re: SQLi Wordpress Wed Jan 09, 2013 11:29 am

udah ga work oom...

cari exploit yg baru donk oom..

» WordPress Easy Contact Form Lite plugin <= 1.0.7 SQLi
» Hack wordpress
» SQLi Exposed [ebook]
» Apprendre WordPress 3
» vulnerability Themes Wordpress