Caregiver Script 2.57 - SQL Injection

Author: Kaan KAMIS
type: webapps
platform: php
port: 
date_added: 2017-01-30 
date_updated: 2017-01-30 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

Exploit Title: Caregiver Script v2.57 – SQL Injection
Date: 30.01.2017
Vendor Homepage: http://itechscripts.com/
Software Link: http://itechscripts.com/caregiver-script/
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits

Overview

Caregiver Script 2.51 is the best solution to launch a portal for hiring people for babysitting and other care giving services in a hassle free manner.

Type of vulnerability:

An SQL Injection vulnerability in Caregiver Script allows attackers to read
arbitrary administrator data from the database.

Vulnerable Url:

http://locahost/searchJob.php?sitterService=1[payload]
Vulnerable parameter : sitterService
Mehod : GET