Jettweb PHP Hazir Haber Sitesi Script SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Jettweb PHP Hazir Haber Sitesi Scripti V3. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'videoid' parameter. Exploitation involves sending GET requests to 'fonksiyonlar.php' with crafted 'videoid' values that utilize UNION-based injection, enabling the extraction of sensitive database information.

Impact

Exploitation of this vulnerability allows for unauthorized database access and manipulation, potentially leading to the disclosure of sensitive information.

Reproduction

The vulnerability can be reproduced by sending a GET request to 'fonksiyonlar.php' with a crafted 'videoid' parameter that includes SQL injection payloads. This can be done using a web browser or a tool like cURL. The injected SQL code can be crafted to, for example, use UNION-based injection to extract data from the database.