Jettweb PHP Hazir Haber Sitesi SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Jettweb PHP Hazir Haber Sitesi Scripti Version 1. This vulnerability allows attackers to manipulate database queries by injecting malicious SQL code through the 'option' parameter. Exploitation involves sending POST requests to 'uyelik.php' with crafted payloads in the 'option' parameter, enabling time-based SQL injection attacks that could extract sensitive database information.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

The vulnerability can be reproduced by sending a POST request to 'uyelik.php' with the 'option' parameter injected with malicious SQL code. The injection can be crafted to exploit time-based SQL injection techniques, such as using 'SLEEP' functions to demonstrate the injection's effectiveness.