AutoCar 1.1 – ‘category’ SQL Injection

Exploit Database
15 阅读

作者： Bora Bozdogan

日期： 2017-08-25
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/42562/

# #
# Exploit Title: Auto Car - Car listing Script 1.1 - SQL Injection
# Dork: N/A
# Date: 25.08.2017
# Vendor: http://kamleshyadav.com/
# Software Link: https://codecanyon.net/item/auto-car-car-listing-script/19221368
# Demo: http://kamleshyadav.com/scripts/autocar_preview/
# Version: 1.1
# Tested on: WiN10_X64
# Exploit Author: Bora Bozdogan
# Author WebSite : http://borabozdogan.net.tr
# Author E-mail : borayazilim45@mit.tc
# #	
# POC:
# 
# http://localhost/[PATH]/search-cars?category=[SQL]
# ts_user
#user_uname
#user_fname
#user_lname
#user_email
#user_pwd
# #

last Exploits
AutoCar 1.1 – ‘category’ SQL Injection的更多信息

WBCE 1.6.0 – Unauthenticated SQL injection：
Dolibarr ERP/CRM 3.0.0 – Multiple Vulnerabilities：
ManageEngine ServiceDesk Plus 9.0 < Build 9031 - User Privileges Management：
vanilla forums poll plugin 0.9 – Persistent Cross-Site Scripting：
antMan < 0.9.1a - Authentication Bypass：
MyBB Profile Blogs Plugin 1.2 – Multiple Vulnerabilities：
Alibaba Clone Diamond Version – SQL Injection：
Joomla! Component onisQuotes 2.5 – ‘tag’ SQL Injection：