How to hack your comment into WordPress
A lot of functions in blogs are based on variables passed in the URL string. As long as the moderator is logged in, he is allowed to do various tasks just by clicking on the right link. WordPress is one of the safer blog scripts, but it has its vulnerabilities. The instructions below show how you can pass the right commands to auto-moderate your comment in someone else's blog.
1. Find a blog that uses WordPress where you would want a comment the moderator would never allow.
2. Make a webpage that contains some info, but also a very small iframe. Keep the URL of the iframe empty for now.
3. On the blog you want to hack, find out which directory wp-login.php is in. Most of the time it’s the same directory as the blog itself.
4. Enter the comment you want to have moderated and don’t press submit yet. Look in the page source for the id of the last comment:
(in this case 10).
5. Now edit the webpage with the iframe and set the iframe target to:
http://(blog directory)/wp-admin/post.php?action=mailapprovecomment&p=10&comment=8
6. Submit the first comment, and on another post on the blog make a comment with an enticing reason to visit the URL of your webpage with the hidden iframe. You can also include the link to your webpage in the first comment without doing a second one.
You’re done! Now the following should happen:
The moderator logs in to his control panel and starts moderating his comments.
He sees your comment with the link and visits your page. Unknowingly he also visits his own URL through the iframe and approves the comment you want added.
Maybe he finds out, but he would only be confused because he could have accidentally pushed the link himself. Cover your tracks by removing the iframe and you’re done.
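Seen from the blog owner's side, the request described above lands in the web server's access log as a GET to a wp-admin URL that carries an action parameter, with a Referer from outside the blog. The Python sketch below is an added example, not part of the original post, that flags such lines; it assumes the combined log format, and the host names, IP addresses and log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: ip - user [time] "METHOD target PROTO" status size "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)

def classify(line, site_host):
    """Return None for uninteresting lines, else (verdict, action, referer)."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "GET":
        return None
    target = urlsplit(m["target"])
    action = parse_qs(target.query).get("action", [None])[0]
    # Only GET requests that trigger an admin action are of interest.
    if "/wp-admin/" not in target.path or action is None:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        # Ambiguous: a link clicked in a mail client, or a suppressed Referer.
        return ("no-referer", action, referer)
    ref_host = (urlsplit(referer).hostname or "").lower()
    if ref_host == site_host.lower():
        return None  # navigation from within the blog's own pages
    return ("cross-site", action, referer)

def scan(lines, site_host):
    """Classify every line and keep only the flagged ones."""
    return [hit for hit in (classify(l, site_host) for l in lines) if hit]

# Constructed sample lines (hosts and IPs use documentation ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2007:10:01:02 +0000] "GET /wp-admin/post.php?action=mailapprovecomment&p=10&comment=8 HTTP/1.1" 302 0 "http://pages.example.net/story.html" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2007:10:05:40 +0000] "GET /wp-admin/post.php?action=mailapprovecomment&p=10&comment=7 HTTP/1.1" 302 0 "http://blog.example.org/wp-admin/edit-comments.php" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2007:10:07:11 +0000] "GET /wp-admin/post.php?action=mailapprovecomment&p=12&comment=9 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [01/Jan/2007:10:08:00 +0000] "GET /index.php?p=10 HTTP/1.1" 200 5120 "http://pages.example.net/story.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for verdict, action, referer in scan(SAMPLE_LOG, "blog.example.org"):
        print(f"{verdict:11} action={action} referer={referer}")
```

Referer checks only help with detection, since browsers and proxies can strip the header. The durable fix is for state-changing admin requests to require an unguessable per-session token, which is the role WordPress nonces play.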
Instead of points 4 and 5, you can also have the owner of the blog make a comment without realising it.
4. Look at the source code of the comment form and look for the action="". Copy the URL to your clipboard. Then look for the comment_post_ID.
5. Make a new page and enter the following:
Place this code in a page that you request as your iframe.
As you see, hacking can be easy. Use the force wisely and don’t give in to the dark side! ;)