Jettweb PHP Hazir Haber Sitesi SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Jettweb PHP Hazir Haber Sitesi Scripti Version 1. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'poll' parameter. Exploitation involves sending POST requests to 'arama.php' with malicious SQL payloads, potentially leading to the extraction of sensitive data or modification of database contents.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a POST request to 'arama.php' with the 'poll' parameter. Include a crafted SQL payload that exploits the application's SQL query handling. The injection can be verified by attempting to extract database information or manipulate database records as a result of the injected SQL code.