2 min readDec 28, 2018
How I Takeover Wordpress Admin fiiipay.my
Hello everyone, in this post im gonna show you how i takeover admin on cms wordpress and get bounty π.
- First of all is RECON, so i goto https://fiiipay.my and check what cms they use and i see they are using wordpress .
- Then i check admin page with adding β/wp-adminβ after home url
- i got redirected to β/setup-config.phpβ
4. W00t?,, I click lets go and set new database configuration with remote my sql, https://www.freemysqlhosting.net/
5. After that i got redirect to β/wp-admin/install.phpβ and i set new user & password wordpress
6. Login to wordpress
After this, i reported this vulnerability to AntiHack,
- Nov 20, 2018 β Sent Report to AntiHack
- Nov 20, 2018 β AntiHack change status to New
- Dec 13, 2018 β AntiHack rewarded me $300 SGD
- Dec 28, 2018 β Bounty received