Baykus Yemek Tarifleri 2.1 - SQL Injection

EDB-ID:

11605

CVE:

EDB Verified:

Author:

cr4wl3r

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2010-02-28

Vulnerable App:

# Baykus Yemek Tarifleri <= 2.1 SQL Injection Vulnerability
# By cr4wl3r
############################################################
# Code:

include("ayar.php");

$ids= $_GET["id"];

$yaz= mysql_fetch_array(mysql_query("select * from tarifler where id='$ids'"));

mysql_select_db("yemek"); 
   
    mysql_query("SET NAMES ´latin5´");
    mysql_query("SET CHARACTER SET latin5");  


$baslik= $yaz["baslik"];
	$resim			= $yaz['resim'];
	if($resim==""){
	$resim= "bos.png";
	}
$kisa= $yaz["kisa"];
$tarif= $yaz["metin"];
############################################################
# PoC: [path]/oku.php?id=[SQL]
############################################################

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services