This Metasploit module exploits an unauthenticated SQL injection in order to enumerate the Wordpress users tables, including password hashes. This Metasploit module was tested against version 1.2.7.
b0515350e4ccd496fb0e7266e0caa11158145540d2f845735488187df6eb3bf1
MantisBT versions 1.2.16 and below Metasploit module that leverages a remote SQL injection vulnerability to perform an arbitrary file read. Administrative credentials required.
aa47d71bf88217768761036b4fe39e67d36b8a53ac37514259ca02cca0186d98