T-Dreams Job Seekers Package 3.0 SQL Injection

2011-08-28 / 2011-08-29
Credit: R4dc0re
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


Ogólna skala CVSS: 7.5/10
Znaczenie: 6.4/10
Łatwość wykorzystania: 10/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

# Author: R4dc0re # Exploit Title: T-Dreams Job Seekers Package SQL injection Vulnerability # Date: 04-12-2010 # Vendor or Software Link:http://t-dreams.com # Category:WebApp #Demo Link:http://t-dreams.com/demo/jobcareerV3 #Version:3.0 #Price:279$ #Contact: R4dc0re@yahoo.fr #Website: www.1337db.com #Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members Submit Your Exploit at Submit@1337db.com ######################################################################################## [Product Detail] Job Seekers can post their C.V.s and contact employers for free. Employers (companies) can post as many Job Ads as they need. Users can modify their posts later or delete them through a security system. The System is provided with Advanced Search Capabilities.. The system Allows admin to control how many Jobs Ads a company can post (e.g., for free). It allows too how many job seekers a company can contact (e.g., for free).. and a lot of related features [Vulnerability] SQL Injection: http://t-dreams.com/demo/jobcareerV3/Resumes/TD_RESUME_Indlist.asp?z_Residency=[Code] ########################################################################################

Referencje:

http://www.securityfocus.com/bid/45203
http://www.exploit-db.com/exploits/15678
http://secunia.com/advisories/34996
http://packetstormsecurity.org/files/view/96375/tdreamsjsp-sql.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top