Closed

High-Level SQL Expert required.

Our company (Rehabilitation clinic for people with drug addiction) has a forum which may have been compromised.

We're running Vbulletin Version 4.1.2 which is vulnerable and exploitable.

What we're looking for is SQL Injection expert to do penetentrion testing on our website. What we looking from sql expert is to see what the hackers could of done.

We're affraid that hacker might of gotten mysql dump, or changed any of the passwords for vbulletin in mysql.

Our company takes security very seriously and we cannot afford to have any of our customers/visitors information stolen.

We are offering 500 USD for someone who is able to extract mysql dump from our website, or UPDATE any of the mysql passwords.

For example this is the SQL query which is executed -

SELECT [url removed, login to view]

FROM socialgroupcategory AS socialgroupcategory

WHERE [url removed, login to view] IN (-99) union select username from user where userid=1 and row(1,1)>(select count(*),concat( (select [url removed, login to view]) ,0x3a,floor(rand(0)*2)) x from (select 1 union select 2 union select 3)a group by x limit 1) -- /* );

So bassicly it returns to -

"#1062 - Duplicate entry 'admin:1' for key 1"

as "admin" being "username" record in database, field user.

We are not really that worries if hackers are not able to do anything more than extracting rows one-by-one.

BUT IF ALL MYSQL DUMP CAN BE LEAKED OR ANY PASSWORDS OR OTHER MYSQL DETEILS CAN BE CHANGED (UPDATE) This is risk.

So, if you're able to do anything more than "showing records one-by-one" please let us know.

WE OFFER 500 USD FOR SUCCESSFUL PENETRATION TESTING.

If you're ready to start testing/executing vulnabulity. Please send me messege, and I'll send you link to our forum, and where vulnability exists.

This is 100% legal. You'll be doing testing on our website, with our permission. We can proof that forum you're working on is OURs

Skills: PHP, SQL

See more: to level, one more level, level one, level more one, level 2, entry level it, 1 level, level sql, website penetration testing, vulnerable, SQL Query, sql injection, rehabilitation, penetration, hackers, entry level, entry level php , admin expert, website sql injection, looking sql, link sql, php mysql sql example, php mysql permission, sql injection extract database, sql required

About the Employer:
( 0 reviews ) Vilnius, Lithuania

Project ID: #1140513

9 freelancers are bidding on average $420 for this job

phpexp

Please check the PMB.

$500 USD in 7 days
(174 Reviews)
7.8
agilesols

lets do it.

$499 USD in 10 days
(204 Reviews)
7.5
musashi42

Hi, I'm interested and I've posted this bid in previous same project but here it is as well. Please check my profile and Your INBOX for more details. Thank You.

$500 USD in 0 days
(15 Reviews)
5.4
openkava

let me try it .tell me your forum .

$250 USD in 5 days
(1 Review)
0.4
Renuramachandran

Hi, We are 5+ yrs of experience in SQL with testing [url removed, login to view] you can trust [url removed, login to view] provide the doucments to understand the Process. Thanks

$500 USD in 7 days
(0 Reviews)
0.0
pwlasantha

I do this, please send me details

$500 USD in 5 days
(0 Reviews)
0.0
itsvj

Please Refer PMB. We Have 15+ Years Experience of software development.

$480 USD in 7 days
(0 Reviews)
0.0
jaydipsinh

I have 5 yrs. exp in opensource

$250 USD in 4 days
(0 Reviews)
0.0
Ciph3r

please check you PMb

$300 USD in 3 days
(0 Reviews)
0.0