Reporter Joseph Giron
JobLister3 by SkilMatch Staffing Systems, Inc.
Multiple SQL injection vulnerabilities
The search form field doesn't strip special characters that have special
meanings. A single quote makes the application spit out a number of
This is not limited to the search query. The GET'd variables also fail to
Dump of entries:
Using some old-fashioned ORDER BY work, we deduce 16 columns
Thus, the fix currently would be to implement addslashes functions in
all areas that receive (or can receive) user-supplied data.
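
The fix above, compared with bound parameters, as an added example that is not part of the original advisory or of the vendor's code. It assumes a PHP application (suggested by the mention of addslashes); the schema, rows and function names are hypothetical, and an in-memory SQLite database stands in for the real back end. It goes one step beyond the advisory's fix by covering GET values that are used as numbers, where quote escaping has nothing to escape.

```php
<?php
// Added example: schema, rows and function names are hypothetical/constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jobs (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)');
$db->exec("INSERT INTO jobs VALUES (1, 'Welder', 1), (2, 'Clerk', 1), (3, 'Draft posting', 0)");

// Escaping only: addslashes() changes nothing when the value contains no
// quotes, so an unquoted numeric slot still takes SQL syntax from the input.
function find_job_escaped(PDO $db, string $id): array
{
    $sql = 'SELECT title FROM jobs WHERE published = 1 AND id = ' . addslashes($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Validate the type, then bind: the value never becomes part of the SQL text.
function find_job_bound(PDO $db, string $id): array
{
    if (!ctype_digit($id)) {
        return [];  // reject anything that is not a plain non-negative integer
    }
    $stmt = $db->prepare('SELECT title FROM jobs WHERE published = 1 AND id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Bound search term: a stray single quote is matched as data, not parsed.
function search_jobs_bound(PDO $db, string $term): array
{
    $stmt = $db->prepare('SELECT title FROM jobs WHERE published = 1 AND title LIKE :t');
    $stmt->bindValue(':t', '%' . $term . '%', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$crafted = '3 OR 1=1';  // constructed input containing no quote characters
var_dump(find_job_escaped($db, $crafted));  // escaped-only lookup
var_dump(find_job_bound($db, $crafted));    // validated and bound lookup
var_dump(find_job_bound($db, '2'));         // ordinary id through the bound path
var_dump(search_jobs_bound($db, "Cler'"));  // search term with a single quote
```

Comparing the first two dumps shows whether the `published = 1` filter survived the crafted value; the last call shows a quote in the search field handled without a database error.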