JobLister3 SQL injection vulnerabilities
Aug 13 2007 06:26AM
joseph giron13 gmail com
JobLister3 by SkilMatch Staffing Systems, Inc.
Multiple SQL injection vulnerabilities
The search form field doesn't strip special characters that have special
meanings. A single quote makes the application spit out a number of
This is not limited to the search query. The GET'd variables also fail to
Dump of entries:
Using some old-fashioned ORDER BY work, we deduce 16 columns
Thus, the fix currently would be to implement addslashes functions in
all areas that receive (or can receive) user-supplied data.
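As an added illustration (not code from the advisory or from JobLister3), the concatenation pattern the report describes is shown beside an escaped variant in the spirit of the addslashes suggestion and a parameterized query. It uses an in-memory SQLite table with constructed rows, so the escaping helper follows SQLite's quote-doubling rather than PHP's backslash-style addslashes.

```python
import sqlite3

# Constructed sample rows standing in for a job-listing table; not JobLister3's schema.
JOBS = [("Cook", "O'Fallon"), ("Welder", "Dallas"), ("Clerk", "Dallas")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE jobs (id INTEGER PRIMARY KEY, title TEXT, city TEXT)")
    conn.executemany("INSERT INTO jobs (title, city) VALUES (?, ?)", JOBS)
    return conn

def search_vulnerable(conn, term):
    # The weak pattern the advisory describes: user input spliced straight into SQL.
    # A quote in `term` unbalances the string literal and the database reports a
    # syntax error, the kind of noisy failure the advisory mentions. Note that a
    # legitimate value such as "O'Fallon" breaks this query just as badly.
    sql = "SELECT title FROM jobs WHERE city = '" + term + "' ORDER BY title"
    return [r[0] for r in conn.execute(sql)]

def escape_literal(term):
    # Escaping in the spirit of the advisory's addslashes() suggestion, done the way
    # this dialect requires: SQLite (and standard SQL) escape ' by doubling it.
    # PHP's addslashes() backslash-escapes instead, which MySQL accepts but SQLite
    # does not, so escaping is dialect-specific and easy to get wrong.
    return term.replace("'", "''")

def search_escaped(conn, term):
    sql = "SELECT title FROM jobs WHERE city = '" + escape_literal(term) + "' ORDER BY title"
    return [r[0] for r in conn.execute(sql)]

def search_parameterized(conn, term):
    # The robust fix: the driver sends the value separately from the SQL text, so
    # no character in `term` can change the statement's structure.
    return [r[0] for r in conn.execute(
        "SELECT title FROM jobs WHERE city = ? ORDER BY title", (term,))]

def single_quote_breaks_vulnerable(conn):
    # True when the concatenated query fails on a bare single quote.
    try:
        search_vulnerable(conn, "'")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print(single_quote_breaks_vulnerable(db))    # True: syntax error from the quote
    print(search_escaped(db, "O'Fallon"))        # ['Cook']
    print(search_parameterized(db, "O'Fallon"))  # ['Cook']
```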
Copyright 2010, SecurityFocus