35 lines
No EOL
646 B
Text
35 lines
No EOL
646 B
Text
# Exploit Title: VehicleWorkshop SQL Injection
|
|
# Data: 07.28.2017
|
|
# Exploit Author: Shahab Shamsi
|
|
# Vendor HomagePage: https://github.com/spiritson/VehicleWorkshop
|
|
# Tested on: Windows
|
|
# Google Dork: N/A
|
|
|
|
|
|
=========
|
|
Vulnerable Page:
|
|
=========
|
|
/viewvehiclestoremore.php
|
|
|
|
|
|
==========
|
|
Vulnerable Source:
|
|
==========
|
|
Line5: if(isset($_GET['vahicleid']))
|
|
Line7: $results = mysql_query("DELETE from vehiclestore where vehicleid ='$_GET[vahicleid]'");
|
|
|
|
|
|
|
|
=========
|
|
POC:
|
|
=========
|
|
http://site.com/viewvehiclestoremore.php?vahicleid=[SQL]
|
|
|
|
|
|
|
|
=========
|
|
Contact Me :
|
|
=========
|
|
Telegram : @Shahab_Shamsi
|
|
Email : info@securityman.org
|
|
WebSilte : WwW.iran123.Org |