The exploit demonstrates a SQL injection vulnerability in VehicleWorkshop's 'viewvehiclestoremore.php' due to unsanitized user input in the 'vahicleid' parameter. The vulnerable code directly interpolates $_GET['vahicleid'] into a SQL query, allowing arbitrary SQL execution.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:VehicleWorkshop (version unspecified)
No auth needed
Prerequisites:Access to the vulnerable endpoint · SQL injection payload