# Exploit Title: VehicleWorkshop SQL Injection # Data: 07.28.2017 # Exploit Author: Shahab Shamsi # Vendor HomagePage: https://github.com/spiritson/VehicleWorkshop # Tested on: Windows # Google Dork: N/A ========= Vulnerable Page: ========= /viewvehiclestoremore.php ========== Vulnerable Source: ========== Line5: if(isset($_GET['vahicleid'])) Line7: $results = mysql_query("DELETE from vehiclestore where vehicleid ='$_GET[vahicleid]'"); ========= POC: ========= http://site.com/viewvehiclestoremore.php?vahicleid=[SQL] ========= Contact Me : ========= Telegram : @Shahab_Shamsi Email : info@securityman.org WebSilte : WwW.iran123.Org