Vehicle Workshop SQL Injection

2017-07-28T00:00:00
ID PACKETSTORM:143544
Type packetstorm
Reporter Shahab Shamsi
Modified 2017-07-28T00:00:00

Description

                                        
                                            `# Exploit Title: VehicleWorkshop SQL Injection   
# Data: 07.28.2017  
# Exploit Author: Shahab Shamsi  
# Vendor HomagePage: https://github.com/spiritson/VehicleWorkshop  
# Tested on: Windows  
# Google Dork: N/A  
  
  
=========  
Vulnerable Page:  
=========  
/viewvehiclestoremore.php  
  
  
==========  
Vulnerable Source:  
==========  
Line5: if(isset($_GET['vahicleid']))  
Line7: $results = mysql_query("DELETE from vehiclestore where vehicleid ='$_GET[vahicleid]'");  
  
  
  
=========  
POC:  
=========  
http://site.com/viewvehiclestoremore.php?vahicleid=[SQL]  
  
  
  
=========  
Contact Me :  
=========  
Telegram : @Shahab_Shamsi  
Email : info@securityman.org  
WebSilte : WwW.iran123.Org  
  
  
  
  
`