Jettweb PHP Hazir Haber Sitesi Script SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Jettweb PHP Hazir Haber Sitesi Scripti V3. This vulnerability allows attackers to inject malicious SQL commands through the 'kelime' parameter in POST requests. Exploitation of this vulnerability enables attackers to use UNION-based SQL injection payloads to extract sensitive information from the database or modify database contents.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate database queries to access, modify, or delete database information. This could lead to unauthorized data exposure or corruption.

Reproduction

To reproduce this vulnerability, send a POST request to the 'kelimeara' endpoint with the 'kelime' parameter. Include a UNION-based SQL injection payload that exploits the application's SQL query handling. The injected payload can be crafted to extract database information or manipulate database records.