DB: 2017-07-31

1 new exploits

VehicleWorkshop - SQL Injection

files.csv

@@ -37914,6 +37914,7 @@ id,file,description,date,author,platform,type,port
 41572,platforms/hardware/webapps/41572.txt,"ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing",2017-03-08,"Bruno Bierbaumer",hardware,webapps,0
 41573,platforms/hardware/webapps/41573.txt,"ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Remote Code Execution",2017-03-08,"Bruno Bierbaumer",hardware,webapps,0
 41574,platforms/xml/webapps/41574.html,"FTP Voyager Scheduler 16.2.0 - Cross-Site Request Forgery",2017-03-10,hyp3rlinx,xml,webapps,52986
+42393,platforms/php/webapps/42393.txt,"VehicleWorkshop - SQL Injection",2017-07-28,"Shahab Shamsi",php,webapps,0
 42392,platforms/multiple/webapps/42392.py,"GitHub Enterprise < 2.8.7 - Remote Code Execution",2017-03-15,orange,multiple,webapps,0
 41577,platforms/jsp/webapps/41577.txt,"Kinsey Infor/Lawson / ESBUS - SQL Injection",2017-03-10,"Michael Benich",jsp,webapps,0
 41579,platforms/xml/webapps/41579.html,"WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery",2017-03-10,KoreLogic,xml,webapps,0

platforms/php/webapps/42393.txt

@@ -0,0 +1,35 @@
+# Exploit Title: VehicleWorkshop SQL Injection 
+# Data: 07.28.2017
+# Exploit Author: Shahab Shamsi
+# Vendor HomagePage: https://github.com/spiritson/VehicleWorkshop
+# Tested on: Windows
+# Google Dork: N/A
+
+
+=========
+Vulnerable Page:
+=========
+/viewvehiclestoremore.php
+
+
+==========
+Vulnerable Source:
+==========
+Line5: if(isset($_GET['vahicleid']))
+Line7: $results = mysql_query("DELETE from vehiclestore where vehicleid ='$_GET[vahicleid]'");
+
+
+
+=========
+POC:
+=========
+http://site.com/viewvehiclestoremore.php?vahicleid=[SQL]
+
+
+
+=========
+Contact Me :
+=========
+Telegram : @Shahab_Shamsi
+Email : info@securityman.org
+WebSilte : WwW.iran123.Org