ICAutosales 1.2 SQL Injection

2017-03-09T00:00:00
ID PACKETSTORM:141524
Type packetstorm
Reporter Bilal Kardadou
Modified 2017-03-09T00:00:00

Description

`################################################  
#Title: ICAutosales v1.2 - SQL Injection  
#Credit: Bilal KARDADOU  
#Vendor: http://www.icloudcenter.com  
#Vendor URL: http://www.icloudcenter.com/auto-dealer-car-sales-script.htm  
#Product: AUTO DEALER CAR SALES PHP SCRIPT.  
#Google Dork: N/A  
################################################  
#  
# Product & Service Introduction:  
# ICAutosales is a powerful, highly customizable classifieds script for auto sales sites.  
# It is written in PHP with MySQL. Due to its easily manageable interface and its great number of features, it is an excellent choice if you need a cars, boats, or motorcycles classifieds website.  
#  
#  
#  
# --SQL Injection/Exploit--  
# www.icautosales/index.php?cmd=[SQL]car_search&type=3  
# www.icautosales/index.php?adv=1&cmd=bike_search[SQL]  
# www.icautosales/index.php?aid=107[SQL]&category=car&cmd=advertise_details  
#  
# ---PoC---  
# http://prnt.sc/ehj4eh  
# http://prnt.sc/ehj540  
# http://prnt.sc/ehj5ah  
#  
# --Administrator Panel--  
# /admin/index.php  
# http://prnt.sc/ehj5jl  
#  
# Bilal KARDADOU - https://www.linkedin.com/in/bilal-kardadou-21a000127  
################################################  
--   
*Bilal Kardadou*  
IT Security Consultant  
*E* : b.kardadou@capvalue.ma | *E* : bilalkardadou@gmail.com  
`
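
A defensive sketch for the two parameters the advisory flags (`cmd` and `aid`), added here as an example; it is not ICAutosales code. The `adverts` table, its columns, the function names and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);
// Hypothetical allowlist built from the cmd values seen in the advisory URLs.
const ALLOWED_CMDS = ['car_search', 'bike_search', 'advertise_details'];

// Return the cmd value only if it is an exact allowlist match, else null.
function validate_cmd(?string $cmd): ?string
{
    return in_array($cmd, ALLOWED_CMDS, true) ? $cmd : null;
}

// Return aid as a positive integer, or null for anything that is not one.
function validate_aid(?string $aid): ?int
{
    $id = filter_var($aid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Fetch one advert with a bound parameter; the value never enters the SQL text.
function fetch_advert(PDO $db, int $aid): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM adverts WHERE id = :aid');
    $stmt->bindValue(':aid', $aid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data: in-memory SQLite stands in for the product's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE adverts (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO adverts VALUES (107, 'Sample advert')");
// Constructed requests modelled on the advisory's URL shapes.
$requests = [
    ['cmd' => 'advertise_details', 'aid' => '107'],
    ['cmd' => 'advertise_details', 'aid' => "107'"],
    ['cmd' => "car_search'", 'aid' => null],
];
foreach ($requests as $q) {
    $cmd = validate_cmd($q['cmd']);
    if ($cmd === null) { echo "400 bad cmd\n"; continue; }
    if ($cmd === 'advertise_details') {
        $aid = validate_aid($q['aid']);
        if ($aid === null) { echo "400 bad aid\n"; continue; }
        $row = fetch_advert($db, $aid);
        echo $row ? "200 {$row['title']}\n" : "404\n";
    }
}
```

With the MySQL PDO driver, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the binding happen server-side as native prepared statements.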