[Tutorial] Hack WordPress site with SQL injection [Tuto]

[M33]

lets begin.

First of all we need to find a vulnerable page.
We enter this in Google:

Please, Log in or Register to view codes content!

When you found your site you need to find admin email and username.
I will be using this site for example:

Please, Log in or Register to view codes content!

When i add ' text disappears so it is vulnerable.

NOTE: I will not demonstrate how to SQL inject.

Now we need admin username and email.
We need to inject:

Please, Log in or Register to view codes content!

Now we have 2 users.

http

We pick one and copy his email.
Go to the login page of the site.
It is usually here:

Please, Log in or Register to view codes content!

And press "Lost your password?"

Now you enter either username or email.
We can enter both so it doesnt matter.
I entered email.

Now when you got:

"Check your e-mail for the confirmation link."

It means that reset key is successfully sent.
Now we need to get the activation key.

Go back to the syntax you used for extracting email and username and do this:

Please, Log in or Register to view codes content!

Please, Log in or Register to view codes content!

Voila!
Now we just need to reset it.

go to:

Please, Log in or Register to view codes content!

NOTE: Replace key= & login=

So my link will be:

Enter new password:

Thanks for reading!

 

[Tornado]

good.. +1 rep

 

[jabber]

Good tut mate thank you.

 

[nagernas]

THANK YOU BRO

 

[M33]

no problem brothers.

 

[danstein22]

thanks you big boss

 

[zdtnz]

thanks very nice

 

[M33]

no problem guys!

 

[PK-Man]

very good job very explained

 

[Earl]

Damn nice tutorial... thanks for that. Very indepth.