Jettweb PHP Hazir Haber Sitesi Script SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Jettweb PHP Hazir Haber Sitesi Scripti V3. This vulnerability allows attackers to inject malicious SQL commands through the 'kelime' parameter in POST requests. Exploitation of this vulnerability could lead to the extraction of sensitive data from the database or the bypassing of authentication controls.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to manipulate database queries, potentially leading to unauthorized data access or authentication bypass.

Reproduction

The vulnerability can be reproduced by sending a POST request to the 'kelimeara' endpoint with a crafted 'kelime' parameter that includes SQL injection payloads, such as those leveraging UNION-based injection techniques. This can be done using tools like Burp Suite or by manually crafting the request with the appropriate SQL injection payloads.