Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17775
HistoryAug 14, 2007 - 12:00 a.m.

JobLister3 SQL injection vulnerabilities

2007-08-1400:00:00
vulners.com
19
JSON

JobLister3 by SkilMatch Staffing Systems, Inc.
Multiple SQL injection vulnerabilities

http://www.dubdubdub.com/

http://www.skilmatch.com/

The search form filed doesnt strip special characters that have special

meanings. A single quote makes the application spit out a number of

errors.

This is not limited to the search query. The GET'd variables also fail to

sanatize characters.
Union selection:
www.example.com/index.php?mode=showbyID&jobid=99786'%20union%20all%20sele

ct%20something%20from%20something/*

Dump of entries:
www.example.com/index.php?mode=showbyID&jobid=99786'%20or%201=1/*

Using some old fasioned order by work, wee deduce 16 columns
www.example.com/index.php?mode=showbyID&jobid=99786'%20order%20by%2016/*

Thus, the fix currently would be to impletement addslashes functions to

all areas that recieve (or can recieve) user supplied data.

JSON