CVE-2017-17895
📋 TL;DR
This vulnerability allows attackers to execute arbitrary SQL commands via the location_name array parameter in the /job URI of Readymade Job Site Script. It affects all deployments of this script that haven't been patched, potentially compromising job site databases and user data.
💻 Affected Systems
- Readymade Job Site Script
📦 What is this software?
Basic Job Site Script by Basic Job Site Script Project
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise allowing data theft, modification, or deletion, and potential server takeover via SQL injection leading to remote code execution.
Likely Case
Database information disclosure including user credentials, personal data, and job listings, with potential for data manipulation.
If Mitigated
Limited impact with proper input validation and parameterized queries preventing SQL injection.
🎯 Exploit Status
Simple SQL injection via URL parameter. Public proof-of-concept available in GitHub repository.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown specific version - check vendor updates
Vendor Advisory: Not available - third-party script
Restart Required: No
Instructions:
1. Update to the latest version of Readymade Job Site Script.
2. If source code is available, implement parameterized queries for the location_name parameter.
3. Validate and sanitize all user inputs in the /job URI handler.
🔧 Temporary Workarounds
Web Application Firewall (WAF)
Platform: all
Deploy WAF rules to block SQL injection patterns in the location_name parameter
WAF-specific configuration commands vary by platform
Input Validation Filter
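Platform: linux
Add server-side validation to reject malicious location_name values
Add PHP validation (location_name arrives as an array, so each element is checked): foreach ((array) ($_GET['location_name'] ?? []) as $v) { if (!is_string($v) || !preg_match('/^[a-zA-Z0-9\s,.-]+$/D', $v)) { die('Invalid input'); } }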
🧯 If You Can't Patch
- Implement network segmentation to isolate the job site script from critical databases
- Deploy database monitoring to detect unusual SQL queries from the application
🔍 How to Verify
Check if Vulnerable:
Test /job URI with location_name parameter containing SQL injection payload like: /job?location_name[]=' OR '1'='1
Check Version:
Check script version in admin panel or source code headers
Verify Fix Applied:
Attempt SQL injection tests and verify they're rejected or properly handled without database errors
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in web server logs
- Multiple requests with SQL keywords in location_name parameter
- Database error messages containing SQL syntax
Network Indicators:
- HTTP requests to /job with SQL injection patterns in parameters
- Unusual database query patterns from web server IP
SIEM Query:
web.url:"/job" AND (web.param:"location_name" AND (web.param.value:"OR" OR web.param.value:"UNION" OR web.param.value:"SELECT"))
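Added example (not part of the original advisory or the vendor's code): a log scanner that URL-decodes location_name values on /job requests and flags those that fail the allowlist from the validation filter above, so encoded payloads are caught and a legitimate value such as "Portland, OR" is not. The combined access-log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Allowlist taken from the page's PHP validation filter.
ALLOWED = re.compile(r"[a-zA-Z0-9\s,.-]+")
# Keywords from the page's SIEM query, matched as whole words for triage.
KEYWORDS = re.compile(r"\b(OR|UNION|SELECT)\b", re.IGNORECASE)
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2018:10:00:00 +0000] '
    '"GET /job?location_name[]=Portland,+OR HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2018:10:00:07 +0000] '
    '"GET /job?location_name%5B%5D=%27+OR+%271%27%3D%271 HTTP/1.1" 500 312',
    '203.0.113.9 - - [01/Jan/2018:10:00:09 +0000] '
    '"GET /search?q=UNION+SELECT HTTP/1.1" 200 900',
]

def location_values(target):
    """Return decoded location_name / location_name[...] values of a /job request."""
    parts = urlsplit(target)
    if parts.path.rstrip("/") != "/job":
        return []
    # parse_qsl percent-decodes both keys and values and maps '+' to space.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return [v for k, v in pairs if k.split("[", 1)[0] == "location_name"]

def scan(lines):
    """Return (line_no, decoded_value, keywords) for values failing the allowlist."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        for value in location_values(match.group(1)):
            if value and not ALLOWED.fullmatch(value):
                hits = sorted({k.upper() for k in KEYWORDS.findall(value)})
                findings.append((line_no, value, hits))
    return findings

if __name__ == "__main__":
    for line_no, value, hits in scan(SAMPLE_LOG):
        print(f"line {line_no}: suspicious location_name {value!r} keywords={hits}")
```

A value built only from allowlisted characters is not flagged, so this complements the database-side monitoring listed above rather than replacing it.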