ASPSiteware JobPost SQL injection Vulnerability

vendor:

JobPost

by:

R4dc0re

6,5

CVSS

MEDIUM

SQL Injection

CWE

Product Name: JobPost

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:aspsiteware:jobpost:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

ASPSiteware JobPost SQL injection Vulnerability

JobPost is an application ideal for the small or independent business or association who need a way to post and update job openings internally or on the internet. Ideal for intranets Backend by Access database, JobPost can store thousands of job postings in categories. An attacker can exploit this vulnerability by injecting malicious SQL code into the 'iType' parameter of the 'type.asp' page.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.

Source

Exploit-DB raw data:

# Author: R4dc0re
# Exploit Title: ASPSiteware JobPost SQL injection Vulnerability
# Date: 04-12-2010
# Vendor or Software Link: www.aspsiteware.com
# Category:WebApp
#Version:1.0
#Price:40$
#Contact: R4dc0re@yahoo.fr
#Website: www.1337db.com
#Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members 

Submit Your Exploit at Submit@1337db.com

########################################################################################
[Product Detail]

JobPost is an application ideal for the small or independent business or association who need a way to post 
and update job openings internally or on the internet. Ideal for intranets Backend by Access database, 
JobPost can store thousands of job postings in categories.
 
[Vulnerability]

SQL Injection:

http://server/JobPost/type.asp?iType=[Code]
########################################################################################