Vendor: Job Search
By: L0rd CrusAd3r aka VSN
CVSS: 5.5 (MEDIUM)
CWE: 89 (SQL Injection)
Product Name: Job Search
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2010

Job Search SQL Injection

This vulnerability lets an attacker inject SQL into the queries the website sends to its database (the advisory below points at the `topic` parameter of `content.php`), potentially gaining unauthorized access to sensitive information or modifying data.

Mitigation:

To mitigate this vulnerability, the website should validate input and use parameterized queries, so that request values are never concatenated into the SQL text.
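
One way to apply this mitigation to a lookup like `content.php?topic=`, as an added example that is not the vendor's code or part of the original advisory. The `topics` table, its columns, the function names, and the assumption that `topic` is a numeric id are all hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database so the example runs offline (needs pdo_sqlite).
// Table and column names are assumptions, not the product's real schema.
function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE topics (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
    $db->exec("INSERT INTO topics VALUES (1, 'About', 'About us'), (2, 'Terms', 'Terms of use')");
    return $db;
}

// Unsafe pattern this class of bug comes from (shown only as a comment):
// the request value becomes part of the SQL text.
//   $sql = "SELECT title, body FROM topics WHERE id = " . $_GET['topic'];

// Hardened lookup: allow-list validation first, then a bound parameter.
function fetch_topic(PDO $db, mixed $rawTopic): ?array
{
    // Accept positive integers only; arrays (topic[]=...) and strings that
    // carry SQL syntax both fail validation and never reach the database.
    $id = filter_var($rawTopic, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare('SELECT title, body FROM topics WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = demo_db();
// Constructed inputs: a valid id, an unknown id, and a value carrying SQL syntax.
foreach (['2', '99', '1 OR 1=1'] as $input) {
    $row = fetch_topic($db, $input);
    printf("%-10s => %s\n", $input, $row === null ? 'no topic' : $row['title']);
}
```

In a real handler, `fetch_topic($db, $_GET['topic'] ?? null)` would replace the loop, and a `null` result would map to a 404 response rather than a database error message.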

Exploit-DB raw data:

1               ##########################################             1
0               I'm L0rd CrusAd3r member from Inj3ct0r Team            1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: Job Search SQL Injection
Vendor url: http://getaphpsite.com
Version: 1
Price: 20$
Published: 2010-06-22
Greetz to: r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, M4n0j, Sonic Bluehat.
Special Greetz: Topsecure.net, inj3ct0r Team , Andhrahackers.com
Shoutzz:- To all ICW members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:

Our career website is a powerful, yet easy to use and moderate career seeker/employer posting website. This site offers paid and free services designed to bring together employers and career seekers.
How it works

The career site offers two levels of revenue generation: paid postings and advertising.

Employers can choose between account plans to post careers that applicants can apply for. Employers receive instant notification of applications that are printable from the employer's browser, plus employers can search resumes to find applicants for all their employee needs.

For career seekers, membership is free. On the site, career seekers can create a free resume that can be submitted for career postings by employers, plus searchable by employers.

The career site also includes a rotating banner management system that is easily moderated from the admin area.

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQLi Vulnerability

DEMO URL :

http://server/jobsearch/content.php?topic=[sqli]

# 0day n0 m0re #
# L0rd CrusAd3r #