
Bypassing Wordpress Security ...

The trick was awesome: you could basically go to any WordPress blog and leave a comment, and it would go live right after you hit the submit button, with no moderation.
This loophole had been working since version 2.3 or so; I am not sure, but I know it works up to version 2.3.3 or 2.3.5.
The trick is simple: find a busy blog with lots of comments and make a comment, including any random email and your website or a link within the post. To bypass moderation, all you had to do was check the list of comments that were already posted and copy the name of one of the commenters exactly. So if someone by the name of “Jack” had already posted there and been approved, all you had to do was write the name exactly as it appears and your comment would bypass moderation.

Pretty neat trick, got me tons of traffic and I actually made a bot to do it.

Now let's look at WordPress today. The guys over at WordPress have fixed the loophole; I think it was fixed sometime in 2.5 or so, not sure though. Anyway, with 2.7 you cannot do the trick. But I am not one of those guys who gives up easily, so I came up with a way to actually make it work.

Now here are your options.

1. Go to google.com or some other search engine and type “powered by wordpress”; it will list the URLs of all the blogs that run on the WordPress platform.

2. Visit each of the URLs and view the source code.

3. If in the source code you find that the version is >2.3.5 then you are set to go.

Now, as you can see, this is something that will consume time and effort, and I doubt many of you will do it.

With that being said, let's move on to the 2.6 versions. WordPress can still be exploited in these versions: they had a severe SQL injection bug, which allowed a user to get into the owner's admin panel. For this you had to know how to do SQL injection, which is not that hard when you consider how SQL queries work. The idea is that 1 = 1 is true, so if this string is passed in the query it should return a valid value. There is a bit more to it, but basically you could bypass any 2.6 login through SQL injection. I will not be teaching it here, sorry. You can google it and do it on your own for educational purposes.

Now you must be thinking: what's the use and purpose? The primary purpose of most of these tricks is that you get FREE FRONTPAGE BACKLINKS on high-PageRank sites. Once you are in the admin panel, you can modify a template and create a blank URL that points to your webpage; the owner will never see it because it is blank, but the search engine will give you the juice.

Now you must be thinking, damn, I missed it all. Well, let me tell you: even though version 2.7 is out, many people are still using old versions because they are too lazy to update, don't have time, or have basically stopped blogging. That shouldn’t stop you, though, because there are many blogs with PR 6+ that are not highly trafficked but got high PRs because they have backlinks from authority sites. Some examples of this would be university professors' blogs: if you go to Stanford and look in the computer science section, there is a prof who has a blog with basically no traffic at all but a whopping PR 8, lol, because Stanford and many other universities link to him.

And guys like him do not have time to upgrade and yes they have 2.6 version. So you will have to know the SQL injection.

Let's look at 2.7, which is being used by many smart people who think they are safe and who think they are the best because they updated their blog. Well, let me tell you that the way WordPress is coded in PHP, it can never ever be super secure; there will always be loopholes. For the time being, if any of you are interested in knowing about it, you should download a tool that can intercept packets before they leave your browser (packet = data). Say you leave a comment on a blog and click submit: the moment you click submit, a packet is sent from your browser to the application on the server side. You cannot see it because it happens in the background, but if you have software that can intercept it so that you can read the data, then you can modify the fields before they go to the application.

You could use Browser Rider, at some level, and pretty much get tons of PR backlinks to your site if you can find WordPress blogs with good PR and less activity.

For this time, I will let you guys play around version 2.0 - 2.3.3 and 2.3.3 - 2.6.

It is all about links, the more links the better search result. So try to get some backlinks now. I might send a tool that will automatically find wordpress blogs based on versions.

ps - if you want to do some more testing you can always try going to the following urls –

1. http://www. DOMAIN NAME .com/wp-contents/plugins
2. http://www. Domain Name .com/wp-contents/themes

If you can find what plugins or themes they are sharing you can possibly do some search and find some bugs for those plugins and themes and then try to get a link on the site.

One thing I gotta tell you: there are tons of 2.3 WordPress blogs with PR 5+, tons and tons of them. Just by typing this simple query into Google I found a hot PR 5 blog.

“powered by wordpress 2.3”

Next time we will look at how to intercept data before it leaves your browser. A good use of such a trick could be tampering with your data in, say, an online game, where if you get a high score they put your name on their top players list or high score list, which is viewed by many. In that case you can have your website URL instead of your name, so when people see who is the best they see a URL, which means some free traffic.

These require no knowledge. I will show you tools that do REPLAYS: good fun stuff which I will be sharing in the upcoming series.

Before I end, you must be thinking: how can I protect my blog? Well, update to version 2.7, as it is in a way safer than old versions. In your plugins and theme folders put a blank index.html so that anyone who tries to browse the folder will get an error. This can only stop a noob; if someone really wants to find out what you are using, they will find it out another way, by typing the full URL, for example:

If you include an index.html in your plugins folder, then typing the following in your browser would result in a blank page:

http://www. Domain name .com/wp-contents/plugins/

But someone who is smart will just do something different, that is:

http://www. Domain name .com/wp-contents/plugins/pluginname

As you may know, there are many plugins that are pretty popular and used by many people out there, so this only takes a few guesses. If I visit some SEO guy's blog, I don’t even have to do much.

I know that most SEO guys will use the SEO plugin, thus by typing

http://www. Domain name .com/wp-contents/plugins/pall-in-one-seo-pack

I will get into the folder. Thus there is no such thing as being safe, although having an index.html inside your folders helps, or you could create a .htaccess file. But I have always found it troublesome with WordPress.
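
The limit of the blank index.html described above can be checked on your own install. The following is an added example, not code from the original post or from WordPress: it walks a local copy of the site and reports every plugin or theme directory that has neither an index file nor an inherited Options -Indexes rule in a .htaccess. It assumes the stock directory name wp-content and an Apache server that honours .htaccess; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: the server treats these names as directory index files.
INDEX_NAMES = {"index.html", "index.htm", "index.php"}
# An active (uncommented) Apache line such as "Options -Indexes".
NO_INDEXES = re.compile(r"^\s*Options\b.*(?<!\S)-Indexes\b", re.I | re.M)

def listing_disabled(directory, root):
    """True if .htaccess in `directory` or a parent up to `root` sets -Indexes."""
    current, root = os.path.abspath(directory), os.path.abspath(root)
    while True:
        htaccess = os.path.join(current, ".htaccess")
        if os.path.isfile(htaccess):
            with open(htaccess, encoding="utf-8", errors="replace") as fh:
                if NO_INDEXES.search(fh.read()):
                    return True
        parent = os.path.dirname(current)
        if current == root or parent == current:
            return False
        current = parent

def exposed_directories(wp_root, content_dir="wp-content"):
    """List plugin/theme directories with no index file and no -Indexes rule."""
    exposed = []
    for sub in ("plugins", "themes"):
        for dirpath, dirnames, filenames in os.walk(os.path.join(wp_root, content_dir, sub)):
            dirnames.sort()  # deterministic report order
            has_index = any(f.lower() in INDEX_NAMES for f in filenames)
            if not has_index and not listing_disabled(dirpath, wp_root):
                exposed.append(os.path.relpath(dirpath, wp_root).replace(os.sep, "/"))
    return exposed

def build_sample_tree(root):
    """Constructed sample: blank index.html at the top of plugins/ and themes/ only."""
    layout = {"wp-content/plugins": ["index.html"],
              "wp-content/plugins/sample-plugin": ["sample.php"],
              "wp-content/plugins/sample-plugin/inc": [],
              "wp-content/themes": ["index.html"],
              "wp-content/themes/sample-theme": ["index.php", "style.css"]}
    for rel, files in layout.items():
        os.makedirs(os.path.join(root, rel), exist_ok=True)
        for name in files:
            open(os.path.join(root, rel, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print("blank index.html only:", exposed_directories(root))
        with open(os.path.join(root, "wp-content", ".htaccess"), "w") as fh:
            fh.write("Options -Indexes\n")
        print("with Options -Indexes:", exposed_directories(root))
```

The first report still names the plugin's own folders, which is the gap the post points out; a single server-level rule covers every subdirectory at once.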

How to avoid the SQL injections? Well, the latest version is safe, so always update your WordPress. But one thing you gotta remember is that your blog will only be targeted if it can give some juice, so if you have a PR 7 blog then expect it to happen. I am sure most of you know of Ryan’s blog: it was PR 9 and on version 2.6, where, as I mentioned, one could get your admin pass; his whole site was hijacked and stuffed with links to viagra and other sites that sell pills.

 Original Source:
http://eindianos.com/index.php/bypassing-wordpress-security

Posted at 10:55:03 am | Permalink | Posted in WordPress Security  
