[webapps / 0day] - T-Dreams Job Seekers Package SQL Injectio
Posted on 04 December 2010
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>T-Dreams Job Seekers Package SQL Injection Vulnerability | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='T-Dreams Job Seekers Package SQL Injection Vulnerability by R4dc0re in webapps / 0day | Inj3ct0r 1337 - exploit database : vulnerability : 0day : shellcode' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var _gaq = _gaq || [];_gaq.push(["_setAccount", "UA-12725838-1"]);_gaq.push(["_setDomainName", "none"]);_gaq.push(["_setAllowLinker", true]);_gaq.push(["_trackPageview"]);(function(){var ga = document.createElement("script"); ga.type = "text/javascript"; ga.async = true;ga.src = ("https:" == document.location.protocol ? "https://ssl" : "http://www") + ".google-analytics.com/ga.js";var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(ga, s);})();</script></head><body><pre>======================================================== T-Dreams Job Seekers Package SQL Injection Vulnerability ======================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 3 3 3 _ __ __ ________ __ __ 3 7 /' /'__` /'__` /\_____ / / 7 1 /\_, /\_L /\_L \/___//'/' \_ \____ 1 3 /_/ /_/_\_<_/_/_\_<_ /' /' /'_` '__` 3 3 / L / L /' /' / L L 3 7 \_ \____/ \____//\_/ \___,_ \_,__/ 7 1 /_//___/ /___/ // /__,_ //___/ 1 3 >> Exploit database separated by exploit 3 3 type (local, remote, DoS, etc.) 3 7 7 1 [+] Site : 1337db.com 1 3 [+] Support e-mail : submit[at]1337db.com 3 3 3 7 ########################################## 7 1 I'm R4dc0re 1337 Member from 1337 DataBase 1 3 ########################################## 3 3 3 7-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-7 # Author: R4dc0re # Exploit Title: T-Dreams Job Seekers Package SQL injection Vulnerability # Date: 04-12-2010 # Vendor or Software Link:http://t-dreams.com # Category:WebApp #Demo Link:http://t-dreams.com/demo/jobcareerV3 #Version:3.0 #Price:279$ #Contact: R4dc0re@yahoo.fr #Website: www.1337db.com #Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members Submit Your Exploit at Submit@1337db.com ######################################################################################## [Product Detail] Job Seekers can post their C.V.s and contact employers for free. Employers (companies) can post as many Job Ads as they need. Users can modify their posts later or delete them through a security system. The System is provided with Advanced Search Capabilities.. The system Allows admin to control how many Jobs Ads a company can post (e.g., for free). It allows too how many job seekers a company can contact (e.g., for free).. and a lot of related features [Vulnerability] SQL Injection: http://t-dreams.com/demo/jobcareerV3/Resumes/TD_RESUME_Indlist.asp?z_Residency=[Code] ######################################################################################## # <a href='http://1337db.com/'>1337db.com</a> [2010-12-04]</pre></body></html>
