sqlmap Tutorial : WordPress SQL Injection Testing (White Hat)

We talked about SQL injection in older article. Here is a sqlmap tutorial for WordPress SQL injection testing for the beginners to test own website for potential vulnerabilities & fix them. This website and tutorial is intended for White Hat purposes only. Of course trying them upon others vulnerable WordPress installation will find the points and at the end it is possible to hack it. That is not we are teaching. We are teaching to test them on own websites – live or custom created for test. We can only teach the basics, to create an understanding of how the real tool with real hacker works.

Whether you can research, use proxy, use safe strategies to protect from Governmental spyware that is dependent on your future growing knowledge. This is official website of salmap :

Basic theory is that – WordPress has URLs with the syntax /vulnerable.php?id=IDIOT. sqlmap is a suitable tool to extort good amount of information which the site owner dislikes to disclose.

 

sqlmap Tutorial : WordPress SQL Injection Testing

 

For the most it is practical to use SSH screen aka own server to run test. So SSH to your server and become root user. Change directory to somewhere like /tmp. Clone the official repo of sqlmap :

You’ll notice that there are files like sqlmap.conf, sqlmap.py, sqlmapapi.py. If we run :

then obviously the tool will show usage options. Your target site is fools-site.com, that site has URL like :

Basically /moronic.php?id=69 should become /moronic/ with a 301 redirection. Although that forgetting escape is not only usage, salmap can nicely run against the submit form URLs like :

You can see that we have no comment form, the search is actually on other server. Of course we have contact us page. If we do not have comment, many problems get reduced. Anyway, run this :

We have ran exploit using SQL Injection. You have to read the return output carefully, you should have retrieved two database name from that site. The one database is Information_schema and the other one we do not know, you will find. When database name is know then password is only unknown. What that database has you’ll get with these commands :

Take that another database name is fools_db, then we can restive tables :

You can retrieve users, admin, payment info from above example. If you run :

You’ll feel as if the database server is yours :

You have to crack the 7QtzDHFO8nDvP900nu hash to get text password. Specially for WordPress it can go :

You can run some commands like the site owner :

If there is a vulnerable plugin, this is a funny command :

Tagged With sqlmap wordpress , sqlmap tutorial , wordpress sqlmap , sqlmap on wordpress , paperuri:(8e062e8eaa676ca98268a6729071a1a5) , list of architects yandex ru loc:US , saqlmap wordpress , https://yandex ru/clck/jsredir?from=yandex ru;search;web;;&text=&etext=1835 4_0ZXLl16xGOfD8iATSpmi1dmkQ-Onqepzhwi3-y3MttvzQlTG9qjHCutTTyPKrN 451ff07c364be38fad70721c4dd208273bb99ef8&uuid=&state=_BLhILn4SxNIvvL0W45KSic66uCIg23qh8iRG98qeIXme , https://yandex ru/clck/jsredir?from=yandex ru;search;web;;&text=&etext=1831 D5WJ-goz2X19m8kuhgkVf0DNYRqyqYRoaRPoxa82kBdsiSjSGFDernYtNtTl1MSS 785d8c387b0b8ccf4587902f5e78d05e89dd92f0&uuid=&state=_BLhILn4SxNIvvL0W45KSic66uCIg23qh8iRG98qeIXme , hack wordpress website using sqlmap