Caregiver Script 2.57 – SQL Injection

Exploit Database
17 阅读

作者： Kaan KAMIS

日期： 2017-01-30
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/41186/

Exploit Title: Caregiver Script v2.57 – SQL Injection
Date: 30.01.2017
Vendor Homepage: http://itechscripts.com/
Software Link: http://itechscripts.com/caregiver-script/
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits

Overview

Caregiver Script 2.51 is the best solution to launch a portal for hiring people for babysitting and other care giving services in a hassle free manner.

Type of vulnerability:

An SQL Injection vulnerability in Caregiver Script allows attackers to read
arbitrary administrator data from the database.

Vulnerable Url:

http://locahost/searchJob.php?sitterService=1[payload]
Vulnerable parameter : sitterService
Mehod : GET

last Exploits
Caregiver Script 2.57 – SQL Injection的更多信息

Auxilium RateMyPet – Arbitrary File Upload (Metasploit)：
New-CMS 1.08 – Multiple Local File Inclusion / HTML Injection Vulnerabilities：
PHPJabbers Service Booking Script 1.0 – Reflected XSS：
phpMyAdmin 4.8.1 – (Authenticated) Local File Inclusion (2)：
WordPress Plugin Duplicator 1.3.26 – Unauthenticated Arbitrary File Read (Metasploit)：
Joomla! Component com_rand – SQL Injection：
phpPgAdmin 7.13.0 – COPY FROM PROGRAM Command Execution (Authenticated)：
WPN-XM Serverstack for Windows 0.8.6 – Multiple Vulnerabilities：