header-logo
Suggest Exploit
vendor:
Job Seekers Package
by:
R4dc0re
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Job Seekers Package
Affected Version From: 3.0
Affected Version To: 3.0
Patch Exists: NO
Related CWE: N/A
CPE: a:t-dreams:job_seekers_package:3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

T-Dreams Job Seekers Package SQL injection Vulnerability

Job Seekers Package is vulnerable to SQL injection. An attacker can inject malicious code into the 'z_Residency' parameter of the TD_RESUME_Indlist.asp page, which can be used to access or modify the underlying database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

# Author: R4dc0re
# Exploit Title: T-Dreams Job Seekers Package SQL injection Vulnerability
# Date: 04-12-2010
# Vendor or Software Link:http://t-dreams.com
# Category:WebApp
#Version:3.0
#Price:279$
#Contact: R4dc0re@yahoo.fr
#Website: www.1337db.com
#Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members 

Submit Your Exploit at Submit@1337db.com

########################################################################################
[Product Detail]

Job Seekers can post their C.V.s and contact employers for free.
Employers (companies) can post as many Job Ads as they need.
Users can modify their posts later or delete them through a security system.
The System is provided with Advanced Search Capabilities.. 
The system Allows admin to control how many Jobs Ads a company can post (e.g., for free). 
It allows too how many job seekers a company can contact (e.g., for free).. and a lot of related features

[Vulnerability]

SQL Injection:
http://server/jobcareerV3/Resumes/TD_RESUME_Indlist.asp?z_Residency=[Code]
########################################################################################

Navigation

Suggest Exploit

Services By CQR