Written by K-159
Tuesday, 31 March 2009 22:46
Taifajobs 'jobdetails.php' SQL Injection Vulnerability
Input Validation Error
Feb 23 2009 12:00AM
Mar 31 2009 06:26PM
Tony Iha Kazungu Taifajobs 1.0
Taifajobs (Job Recruitment System) is prone to an SQL-injection vulnerability because
it fails to sufficiently sanitize user-supplied data.
A successful exploit may allow an attacker to compromise the application, access or
modify data, or exploit latent vulnerabilities in the underlying database.
Taifajobs 1.0 is vulnerable; other versions may also be affected.
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/[path]/jobdetails.php?jobid=-5 union select 1,2,3,4,5,6,concat(admin,0x3a,email,0x3a,loginname,0x3a,pass),8,9,0,1,2,3,4,5,6,7,8,9,0 from users--
Vendor updates are available. Please contact the vendor for details on obtaining and
applying the appropriate updates.
http://sourceforge.net/projects/taifajobs (Tony Iha Kazungu)
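Until the update is applied, requests of this kind can be found in web-server access logs, because any jobid value that is not a number stands out. The following is an added example, not part of the original advisory or of the Taifajobs code; it assumes the combined access-log format and that valid job IDs are plain decimal integers, and its sample log entries are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a combined-format log entry; the lazy match tolerates
# raw (unencoded) spaces inside the requested URL.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
# Assumption: a legitimate job id is a plain decimal integer.
VALID_JOBID = re.compile(r"\d{1,10}")

# Constructed sample entries (documentation IP ranges). The second carries the
# advisory's example request, percent-encoded as a browser would send it.
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Mar/2009:10:00:01 +0000] '
    '"GET /jobs/jobdetails.php?jobid=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [31/Mar/2009:10:02:44 +0000] '
    '"GET /jobs/jobdetails.php?jobid=-5%20union%20select%201,2,3,4,5,6,'
    'concat(admin,0x3a,email,0x3a,loginname,0x3a,pass),8,9,0,1,2,3,4,5,6,'
    '7,8,9,0%20from%20users-- HTTP/1.1" 200 4870',
    '192.0.2.10 - - [31/Mar/2009:10:03:10 +0000] '
    '"GET /jobs/index.php?page=2 HTTP/1.1" 200 2048',
]

def suspicious_jobid(log_line):
    """Return the decoded jobid if it is not a plain integer, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/jobdetails.php"):
        return None
    # parse_qs percent-decodes values, so encoded payloads are checked decoded.
    for value in parse_qs(url.query, keep_blank_values=True).get("jobid", []):
        if not VALID_JOBID.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, jobid_value) for every flagged log entry."""
    hits = []
    for line in lines:
        value = suspicious_jobid(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}: non-numeric jobid -> {value!r}")
```

The same integer-only rule is what the application should enforce on jobid before the value reaches a query.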
--[ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability