CVE-2017-17642
📋 TL;DR
CVE-2017-17642 is a critical SQL injection vulnerability in Basic Job Site Script 2.0.5 that allows attackers to execute arbitrary SQL commands via the 'keyword' parameter in job search functionality. This affects all installations of Basic Job Site Script 2.0.5, potentially compromising the entire database. Attackers can steal sensitive data, modify database contents, or gain administrative access.
💻 Affected Systems
- Basic Job Site Script
📦 What is this software?
Basic Job Site Script by Basic Job Site Script Project
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, data destruction, and full system takeover via privilege escalation.
Likely Case
Unauthorized data extraction including user credentials, personal information, and job application data.
If Mitigated
Limited to error messages or partial data exposure if input validation and parameterized queries are implemented.
🎯 Exploit Status
Multiple public exploit scripts available. Exploitation requires minimal technical skill.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown - No official patch released
Vendor Advisory: No official vendor advisory found
Restart Required: No
Instructions:
1. Upgrade to a newer version if available.
2. Manually implement parameterized queries in /job endpoint.
3. Replace vulnerable code with prepared statements using mysqli or PDO.
🔧 Temporary Workarounds
Input Validation Filter
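Add input validation to sanitize the keyword parameter before SQL processing (all platforms)
// In PHP code handling /job endpoint
// Escaping only protects values that are placed inside a quoted SQL string literal:
$keyword = mysqli_real_escape_string($connection, $_GET['keyword'] ?? '');
// OR use prepared statements, which bind the value as data:
$keyword = '%' . ($_GET['keyword'] ?? '') . '%'; // LIKE wildcards go in the bound value, not the SQL
$stmt = $connection->prepare('SELECT * FROM jobs WHERE title LIKE ?');
$stmt->bind_param('s', $keyword);
$stmt->execute();
$result = $stmt->get_result();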
WAF Rule Implementation
Deploy web application firewall rules to block SQL injection patterns (Linux)
# Example ModSecurity rule
SecRule ARGS:keyword "@detectSQLi" \
"id:1001,phase:2,deny,status:403,msg:'SQL Injection Attempt'"
# Example nginx rule
location /job {
    if ($args ~* "(union|select|insert|update|delete|drop|--|#)") {
        return 403;
    }
}
🧯 If You Can't Patch
- Implement network segmentation to isolate the vulnerable system
- Deploy intrusion detection systems to monitor for SQL injection attempts
🔍 How to Verify
Check if Vulnerable:
Test the /job endpoint with SQL injection payload: /job?keyword=test' OR '1'='1
Check Version:
Check script version in admin panel or read version from script files
Verify Fix Applied:
Attempt SQL injection tests and verify they are blocked or sanitized. Check that prepared statements are implemented in the PHP code.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts after SQL injection
- Requests with SQL keywords in keyword parameter
Network Indicators:
- HTTP requests containing SQL injection patterns to /job endpoint
- Unusual database connection patterns
SIEM Query:
source="web_logs" AND uri_path="/job" AND (query_string="*union*" OR query_string="*select*" OR query_string="*' OR '*")
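
An added example (not from the original advisory or the script's vendor): access logs typically record the request line as sent, with the keyword value percent-encoded, so a raw substring match on `' OR '` can miss it while a bare `union` match flags ordinary searches. This Python script decodes the keyword parameter of /job requests before matching; the combined log format, the sample lines and the regex patterns are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2018:10:00:01 +0000] "GET /job?keyword=nurse HTTP/1.1" 200 5120',
    # Legitimate search that a bare "union" substring rule would also match.
    '203.0.113.6 - - [10/Jan/2018:10:00:07 +0000] "GET /job?keyword=student+union+rep HTTP/1.1" 200 4873',
    # The advisory's test string as a browser sends it: percent-encoded.
    '203.0.113.9 - - [10/Jan/2018:10:01:12 +0000] "GET /job?keyword=test%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 48211',
    # Same string on a different path: outside the affected endpoint, ignored.
    '203.0.113.9 - - [10/Jan/2018:10:01:15 +0000] "GET /about?keyword=test%27%20OR%20%271 HTTP/1.1" 404 312',
]

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Applied to the decoded keyword value. Assumed starting patterns; tune for your traffic.
SQLI_RE = re.compile(
    r"""['"]\s*(or|and)\b        # quote that closes the string, then a boolean operator
      | ['"]\s*(--|\#|;)         # quote followed by a comment marker or statement end
      | \bunion\b.+\bselect\b    # UNION ... SELECT
    """,
    re.IGNORECASE | re.VERBOSE,
)

def suspicious_job_requests(lines):
    """Return (ip, status, decoded keyword) for /job requests whose keyword looks like SQLi."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m.group("target"))
        if url.path.rstrip("/") != "/job":
            continue  # only the endpoint named in the advisory
        # parse_qs percent-decodes values and turns '+' into a space.
        for value in parse_qs(url.query, keep_blank_values=True).get("keyword", []):
            if SQLI_RE.search(value):
                hits.append((m.group("ip"), int(m.group("status")), value))
    return hits

if __name__ == "__main__":
    for ip, status, keyword in suspicious_job_requests(SAMPLE_LOG):
        print(f"{ip} status={status} keyword={keyword!r}")
```

A 200 status on a flagged request means the application answered it rather than a WAF rule blocking it, so those hits deserve review first.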