Let's look at another case of SQL injection, which was discovered in the WordPress Google Maps plugin. Metasploit already has a built-in exploit module that extracts the wp_users table from the database:
auxiliary/admin/http/wp_google_maps_sqli
Before we run the module, let's look at the source code of the plugin and understand where the problem was.