From 5040eaef417c0851e41487dfa84e8b4cd7043145 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Mon, 31 Jul 2017 05:01:25 +0000
Subject: [PATCH] DB: 2017-07-31 1 new exploits VehicleWorkshop - SQL Injection
---
 files.csv | 1 +
 platforms/php/webapps/42393.txt | 35 +++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100755 platforms/php/webapps/42393.txt
diff --git a/files.csv b/files.csv
index a61bfe512..9e2bcbeec 100644
--- a/files.csv
+++ b/files.csv
@@ -37914,6 +37914,7 @@ id,file,description,date,author,platform,type,port
 41572,platforms/hardware/webapps/41572.txt,"ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing",2017-03-08,"Bruno Bierbaumer",hardware,webapps,0
 41573,platforms/hardware/webapps/41573.txt,"ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Remote Code Execution",2017-03-08,"Bruno Bierbaumer",hardware,webapps,0
 41574,platforms/xml/webapps/41574.html,"FTP Voyager Scheduler 16.2.0 - Cross-Site Request Forgery",2017-03-10,hyp3rlinx,xml,webapps,52986
+42393,platforms/php/webapps/42393.txt,"VehicleWorkshop - SQL Injection",2017-07-28,"Shahab Shamsi",php,webapps,0
 42392,platforms/multiple/webapps/42392.py,"GitHub Enterprise < 2.8.7 - Remote Code Execution",2017-03-15,orange,multiple,webapps,0
 41577,platforms/jsp/webapps/41577.txt,"Kinsey Infor/Lawson / ESBUS - SQL Injection",2017-03-10,"Michael Benich",jsp,webapps,0
 41579,platforms/xml/webapps/41579.html,"WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery",2017-03-10,KoreLogic,xml,webapps,0
diff --git a/platforms/php/webapps/42393.txt b/platforms/php/webapps/42393.txt
new file mode 100755
index 000000000..1ba322714
--- /dev/null
+++ b/platforms/php/webapps/42393.txt
@@ -0,0 +1,35 @@
+# Exploit Title: VehicleWorkshop SQL Injection
+# Data: 07.28.2017
+# Exploit Author: Shahab Shamsi
+# Vendor HomagePage: https://github.com/spiritson/VehicleWorkshop
+# Tested on: Windows
+# Google Dork: N/A
+
+
+=========
+Vulnerable Page:
+=========
+/viewvehiclestoremore.php
+
+
+==========
+Vulnerable Source:
+==========
+Line5: if(isset($_GET['vahicleid']))
+Line7: $results = mysql_query("DELETE from vehiclestore where vehicleid ='$_GET[vahicleid]'");
+
+
+
+=========
+POC:
+=========
+http://site.com/viewvehiclestoremore.php?vahicleid=[SQL]
+
+
+
+=========
+Contact Me :
+=========
+Telegram : @Shahab_Shamsi
+Email : info@securityman.org
+WebSilte : WwW.iran123.Org
\ No newline at end of file
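Review bot: The new entry names no affected release or commit of VehicleWorkshop and records no remediation, so a reader cannot tell which checkouts of the linked repository are exposed; a header line such as `# Version: <commit or release tested>` would close the first gap. The quoted Line7 interpolates `$_GET[vahicleid]` directly into a `DELETE` statement passed to `mysql_query`, so the impact includes row deletion triggered by a plain GET request, which the entry should state alongside the injection. The fix worth recording is a bound parameter through a mysqli or PDO prepared statement in place of string interpolation. Whether the page enforces any authorization before Line5 is not visible in the two quoted lines, so that should be confirmed against the source and noted. The header fields `# Data:` and `# Vendor HomagePage:` look like typos for Date and Homepage, and the file ends without a trailing newline.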