Jump to content
cehov

Dealer Express Auto Sales CMS SQLi [Not reported - unsolved]

By cehov, in Exploituri

Recommended Posts

cehov Newbie

cehov

Posted
Posted (edited)

Dealer Express Auto Sales CMS SQLi by #cehov RST

Platform: Web App

Sellers of CMS:

 http://www.dealerexpress.net/page.php

Type: Sql injection, privilege escalation

Admin url: 

http://www.domain.com/CarDealer/admin/

Date of begin: 24 feb 2015

Dork 1: "powered by dealer express"

Dork 2: "result.php?makeid="

Example: 

http://www.domain.com/cardealer/results.php?makeid=55

http://www.domain.com/CarDealer/results.php?makeid=8

The makeid is not the only, there are multiple vuln. in this auto cms.

Have fun RST.

Edited by cehov
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...