Caregiver Script 2.57 - SQL Injection

EDB-ID:

41186

CVE:

N/A




Platform:

PHP

Date:

2017-01-30


Exploit Title: Caregiver Script v2.57 – SQL Injection
Date: 30.01.2017
Vendor Homepage: http://itechscripts.com/
Software Link: http://itechscripts.com/caregiver-script/
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits

Overview

Caregiver Script 2.51 is the best solution to launch a portal for hiring people for babysitting and other care giving services in a hassle free manner.

Type of vulnerability:

An SQL Injection vulnerability in Caregiver Script allows attackers to read
arbitrary administrator data from the database.

Vulnerable Url:

http://locahost/searchJob.php?sitterService=1[payload]
Vulnerable parameter : sitterService
Mehod : GET