Friday, 17 October 2014

Exploit WordPress: Wp-Install


 
Dorks:
 inurl:/wp-admin/install.php
 inurl:/wp-admin/install.php & intext:welcome -github -code

How to Exploit?
  1. Firstly, as usual, copy and paste one of the dorks given on google.
  2. Choose any site
  3. If your target is http://www.example.com/wp-admin/install.php , and the webpage show as the picture below, thats mean the site might be vulnerable.


      
  4. But, if the webpage show like the picture below, it means the site is not vulnerable.
  5. Fill in the Site Title,Username, Passwords, and your Email Address and click Install Wordpress
  6. If the installation succeed, you can login into the admin panel.
  7. Else, you will get error message as below,
    You may also like: HOW TO UPLOAD SHELL IN WORDPRESS SITES