################################################ #Title: ICAutosales v1.2 - SQL Injection #Credit: Bilal KARDADOU #Vendor: http://www.icloudcenter.com #Vendor URL: http://www.icloudcenter.com/auto-dealer-car-sales-script.htm #Product: AUTO DEALER CAR SALES PHP SCRIPT. #Google Dork: N/A ################################################ # # Product & Service Introduction: # ICAutosales is a powerful, highly customizable classifieds script for auto sales sites. # It is written in PHP with MySQL. Due to its easy manageable interface and its great amount of # features it is an excellent choice if you need a cars, boats, or motorcycles classifieds website. # # # # --SQL Injection/Exploit-- # www.icautosales/index.php?cmd=[SQL]car_search&type=3 # www.icautosales/index.php?adv=1&cmd=bike_search[SQL] # www.icautosales/index.php?aid=107[SQL]&category=car&cmd=advertise_details # # ---PoC--- # http://prnt.sc/ehj4eh # http://prnt.sc/ehj540 # http://prnt.sc/ehj5ah # # --Administrator Panel-- # /admin/index.php # http://prnt.sc/ehj5jl # # Bilal KARDADOU - https://www.linkedin.com/in/bilal-kardadou-21a000127) ################################################ -- *Bilal Kardadou* IT Security Consultant *E* : b.kardadou@capvalue.ma | *E* : bilalkardadou@gmail.com | # Iranian Exploit DataBase = http://IeDb.Ir [2017-03-10]