VehicleWorkshop - SQL Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1068548 漏洞类型
发布时间 2017-07-28 更新时间 2017-07-28
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/42393
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Exploit Title: VehicleWorkshop SQL Injection 
# Data: 07.28.2017
# Exploit Author: Shahab Shamsi
# Vendor HomagePage: https://github.com/spiritson/VehicleWorkshop
# Tested on: Windows
# Google Dork: N/A


=========
Vulnerable Page:
=========
/viewvehiclestoremore.php


==========
Vulnerable Source:
==========
Line5: if(isset($_GET['vahicleid']))
Line7: $results = mysql_query("DELETE from vehiclestore where vehicleid ='$_GET[vahicleid]'");



=========
POC:
=========
http://site.com/viewvehiclestoremore.php?vahicleid=[SQL]



=========
Contact Me :
=========
Telegram : @Shahab_Shamsi
Email : info@securityman.org
WebSilte : WwW.iran123.Org