Jettweb PHP Hazir Haber Sitesi SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Jettweb PHP Hazir Haber Sitesi Scripti V3. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Exploitation can be achieved by sending GET requests to 'datagetir.php' with crafted 'q' values, utilizing time-based blind SQL injection techniques to extract sensitive database information or bypass authentication.

Impact

Exploitation of this vulnerability allows for unauthorized database manipulation, extraction of sensitive information, and authentication bypass.

Reproduction

The vulnerability can be reproduced by sending a GET request to 'datagetir.php' with a crafted 'q' parameter that includes SQL injection payloads. This can be done using tools like Burp Suite or manually via a web browser. The injected SQL code can be crafted to exploit the application's database query handling, such as extracting data or bypassing authentication.