Vendor: VehicleWorkshop
By: Shahab Shamsi
CVSS: 9 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: VehicleWorkshop
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2017

VehicleWorkshop SQL Injection

The VehicleWorkshop application is vulnerable to SQL injection because the 'vahicleid' parameter of the 'viewvehiclestoremore.php' page is used without input validation. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable page, which can be used to extract sensitive information from the database.

Mitigation:

Input validation should be implemented on all user-supplied input to prevent SQL injection attacks.
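
A hardened form of the DELETE statement quoted under "Vulnerable Source" in the Exploit-DB data, as an added example that is not part of the original advisory or of the VehicleWorkshop code. It assumes vehicleid is an integer key and uses PDO with an in-memory SQLite database in place of the application's MySQL connection; deleteVehicle is a hypothetical helper name.

```php
<?php
// Added example: validated, parameterized replacement for the vulnerable DELETE.
// Assumptions: vehicleid is an integer key; SQLite stands in for MySQL.

function deleteVehicle(PDO $pdo, $rawId): int
{
    // Reject anything that is not a positive integer before touching the DB.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('invalid vehicle id');
    }
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare('DELETE FROM vehiclestore WHERE vehicleid = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed sample data so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE vehiclestore (vehicleid INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO vehiclestore VALUES (1, 'van'), (2, 'truck'), (3, 'coupe')");

// Constructed inputs: one legitimate id, then values the original code
// would have placed directly inside the SQL string.
foreach (['2', "2'", 'abc', ''] as $input) {
    $shown = var_export($input, true);
    try {
        printf("%-8s -> deleted %d row(s)\n", $shown, deleteVehicle($pdo, $input));
    } catch (InvalidArgumentException $e) {
        printf("%-8s -> rejected (%s)\n", $shown, $e->getMessage());
    }
}

$left = $pdo->query('SELECT COUNT(*) FROM vehiclestore')->fetchColumn();
echo "rows remaining: $left\n";
```

The bound parameter is what prevents injection; the integer check adds a second layer and gives the caller a clean error for malformed input.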

Exploit-DB raw data:

# Exploit Title: VehicleWorkshop SQL Injection
# Date: 07.28.2017
# Exploit Author: Shahab Shamsi
# Vendor Homepage: https://github.com/spiritson/VehicleWorkshop
# Tested on: Windows
# Google Dork: N/A


=========
Vulnerable Page:
=========
/viewvehiclestoremore.php


==========
Vulnerable Source:
==========
Line5: if(isset($_GET['vahicleid']))
Line7: $results = mysql_query("DELETE from vehiclestore where vehicleid ='$_GET[vahicleid]'");



=========
POC:
=========
http://site.com/viewvehiclestoremore.php?vahicleid=[SQL]



=========
Contact Me :
=========
Telegram : @Shahab_Shamsi
Email : info@securityman.org
Website : WwW.iran123.Org