28 lines
No EOL
1.1 KiB
Text
28 lines
No EOL
1.1 KiB
Text
# Author: R4dc0re
|
|
# Exploit Title: T-Dreams Job Seekers Package SQL injection Vulnerability
|
|
# Date: 04-12-2010
|
|
# Vendor or Software Link:http://t-dreams.com
|
|
# Category:WebApp
|
|
#Version:3.0
|
|
#Price:279$
|
|
#Contact: R4dc0re@yahoo.fr
|
|
#Website: www.1337db.com
|
|
#Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members
|
|
|
|
Submit Your Exploit at Submit@1337db.com
|
|
|
|
########################################################################################
|
|
[Product Detail]
|
|
|
|
Job Seekers can post their C.V.s and contact employers for free.
|
|
Employers (companies) can post as many Job Ads as they need.
|
|
Users can modify their posts later or delete them through a security system.
|
|
The System is provided with Advanced Search Capabilities..
|
|
The system Allows admin to control how many Jobs Ads a company can post (e.g., for free).
|
|
It allows too how many job seekers a company can contact (e.g., for free).. and a lot of related features
|
|
|
|
[Vulnerability]
|
|
|
|
SQL Injection:
|
|
http://server/jobcareerV3/Resumes/TD_RESUME_Indlist.asp?z_Residency=[Code]
|
|
######################################################################################## |