Job Search Script - SQL Injection

EDB-ID: 13969
CVE: N/A
Platform: PHP
Date: 2010-06-22


1               ##########################################             1
0               I'm L0rd CrusAd3r member from Inj3ct0r Team            1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: Job Search SQL Injection
Vendor url: http://getaphpsite.com
Version: 1
Price: 20$
Published: 2010-06-22
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, M4n0j, Sonic Bluehat.
Special Greetz: Topsecure.net, inj3ct0r Team , Andhrahackers.com
Shoutzz:- To all ICW members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:

Our career website is a powerful, yet easy to use and moderate career seeker/employer posting website. This site offers paid and free services designed to bring together employers and career seekers.

How it works

The career site offers two levels of revenue generation: paid postings and advertising.

Employers can choose between account plans to post careers that applicants can apply for. Employers receive instant notification of applications that are printable from the employer's browser, plus employers can search resumes to find applicants for all their employee needs.

For career seekers, membership is free. On the site career seekers can create a free resume that can be submitted for career postings by employers, plus searchable by employers.

The career site also includes a rotating banner management system that is easily moderated from the admin area.

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQLi Vulnerability

DEMO URL :

http://server/jobsearch/content.php?topic=[sqli]

# 0day n0 m0re #
# L0rd CrusAd3r #
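
Mitigation sketch for the `topic` parameter of content.php, added here as an example; it is not the vendor's code and not part of the original advisory. The table and column names (topics, id, title, body), the function name fetchTopic and the assumption that `topic` is a numeric id are all hypothetical. Requires PHP 8 with pdo_sqlite for the demo data.

```php
<?php
declare(strict_types=1);

// Pattern that produces this class of bug (hypothetical, not the vendor's code):
//   $sql = "SELECT title, body FROM topics WHERE id = " . $_GET['topic'];
// The request value becomes part of the SQL text. The version below never does that.

/**
 * Validate the raw `topic` value and fetch the row with a bound parameter.
 * Returns the row as an array, or null when the input is invalid or not found.
 */
function fetchTopic(PDO $db, mixed $rawTopic): ?array
{
    // 1. Allow-list validation: accept only a positive integer.
    //    Arrays (topic[]=...) and strings with extra characters yield false.
    $id = filter_var($rawTopic, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // caller should answer 400/404 and never echo a database error
    }

    // 2. Parameter binding: the SQL text is constant, the value travels separately.
    $stmt = $db->prepare('SELECT title, body FROM topics WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database.
// With MySQL, also set PDO::ATTR_EMULATE_PREPARES to false on the connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE topics (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO topics VALUES (1, 'About', 'About this site'), (2, 'FAQ', 'Questions')");

// Constructed inputs: one valid id, two malformed values that must be rejected.
foreach (['2', "2'", 'abc'] as $input) {
    $row = fetchTopic($db, $input);
    printf("%-5s => %s\n", $input, $row === null ? 'rejected / not found' : $row['title']);
}
```

In a real handler the first argument would be the application's existing database connection and the second `$_GET['topic'] ?? null`.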