ID SECURITYVULNS:DOC:10617 Type securityvulns Reporter Securityvulns Modified 2005-12-14T00:00:00
Description
Jamit Job Board 2.4.x SQL inj.
Vuln. discovered by: r0t
Date: 14 Dec. 2005
original advisory: http://pridels.blogspot.com/2005/12/jamit-job-board-24x-sql-inj.html
vendor: http://www.jamit.com.au/
affected version: 2.4.1 and prior
Product Description:
Job Board Pro is a PHP application for running and managing a jobs
portal website. It is written in PHP and supported by a MySQL
database. It is a complete script for those that want to run a
professional Job Board website, with all the features that you would
expect and simple and easy to navigate and use. The Job Board script
was designed by applying many of the principles learned from the study
of Human-Computer Interaction (HCI). Features include Employer's
area, Job Seeker's area, Email alerts, Job Search, Online resume,
Multi-lingual, Dynamic Forms, Billing system for subscriptions &
posting credits (integrated with PayPal IPN), and more.
Vuln. Description:
Job Board Pro contains a flaw that allows remote SQL injection
attacks. Input passed to the "cat" parameter in "index.php" isn't
properly sanitised before being used in a SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.
example:
/index.php?cat=[SqL]
Solution:
Edit the source code to ensure that input is properly sanitised.
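
One way to apply that fix, shown as an added example that is not Jamit's code: validate "cat" as an integer, then pass it to the query as a bound parameter. The function name, the jobs table and its columns, and the assumption that "cat" is a numeric category ID are hypothetical; in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not Jamit's source. Table/column names are hypothetical, and
// "cat" is assumed to be a numeric category ID.

function jobs_in_category(PDO $db, $rawCat): array
{
    // 1. Validate: accept only a positive integer; reject everything else.
    $cat = filter_var($rawCat, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cat === false) {
        throw new InvalidArgumentException('cat must be a positive integer');
    }
    // 2. Bind: the value travels separately from the SQL text, so it can
    //    never be parsed as part of the statement.
    $stmt = $db->prepare('SELECT title FROM jobs WHERE category_id = :cat ORDER BY id');
    $stmt->bindValue(':cat', $cat, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data; in-memory SQLite stands in for the MySQL backend.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jobs (id INTEGER PRIMARY KEY, category_id INTEGER, title TEXT)');
$db->exec("INSERT INTO jobs (category_id, title) VALUES (1, 'Welder'), (2, 'Nurse'), (2, 'Midwife')");

// Constructed inputs: one well-formed value, then malformed ones.
// In index.php the raw value would come from $_GET['cat'] ?? ''.
foreach (['2', '2 OR 1=1', "2'", '', '-5'] as $input) {
    try {
        $titles = jobs_in_category($db, $input);
        printf("cat=%-12s -> %s\n", var_export($input, true), implode(', ', $titles));
    } catch (InvalidArgumentException $e) {
        printf("cat=%-12s -> rejected (%s)\n", var_export($input, true), $e->getMessage());
    }
}
```

On a MySQL connection, set PDO::ATTR_EMULATE_PREPARES to false so the driver uses server-side prepared statements.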