
Boolean SQLi and LFI vulnerability to Recruiting website Jobvite

User privacy and database security are very important for website solution providers. Today most companies provide a social recruiting tool and an application tracking tool for recruiting-based companies, offering the expected level of quality and recruiting technology. Jobvite is one such talent sourcing company, providing support to recruiting-based companies.


Mohamed M. Fouad, a security researcher from Egypt, found major security flaws in the Jobvite website that can provide access to the database through SQL injection and local file inclusion, as described in his blog. He found the issue while looking for vulnerabilities in the freelancer job website Odesk. As a security researcher, he contacted the Jobvite team 3 months ago and, as he adds in his blog, they have not fixed the issue.

SQLi is a code injection technique in which code injected into an entry field of a website could let the attacker dump the database. The other flaw is local file inclusion (LFI), usually a script-based attack that uses a loophole in the input validation of the login; a vulnerability like LFI could allow attacks such as cross-site scripting and denial of service.
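The two bug classes described above, shown from the defender's side as an added example (it is not taken from this page or from Fouad's write-up). The `jobs` table, the function names and `PAGES_DIR` are assumptions made for illustration. It contrasts a string-built query with a bound parameter, and adds a path containment check for file includes.

```python
import sqlite3
from pathlib import Path

PAGES_DIR = Path("/srv/app/pages").resolve()  # hypothetical include directory

def make_db():
    # Constructed sample data standing in for a job-listing table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE jobs (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO jobs VALUES (1, 'Engineer')")
    return db

def job_exists_vulnerable(db, job_id):
    # Weak: the input is pasted into the SQL text, so it is parsed as SQL.
    sql = "SELECT title FROM jobs WHERE id = " + job_id
    return db.execute(sql).fetchone() is not None

def job_exists_safe(db, job_id):
    # Hardened: accept only a short run of ASCII digits, then bind the value.
    if not (job_id.isascii() and job_id.isdigit() and len(job_id) <= 9):
        return False
    row = db.execute("SELECT title FROM jobs WHERE id = ?", (int(job_id),))
    return row.fetchone() is not None

def resolve_page(name):
    # Resolve the requested name and require the result to stay under PAGES_DIR.
    target = (PAGES_DIR / name).resolve()
    return target if PAGES_DIR in target.parents else None

def response_differs(check, db):
    # Regression check: two inputs that differ only in an appended true/false
    # condition must not yield different responses.
    return check(db, "1 AND 1=1") != check(db, "1 AND 1=2")

if __name__ == "__main__":
    db = make_db()
    print("vulnerable leaks a boolean:", response_differs(job_exists_vulnerable, db))
    print("safe leaks a boolean:", response_differs(job_exists_safe, db))
    print("traversal resolved to:", resolve_page("../../etc/passwd"))
```

A response that changes with an appended true/false condition is the signal that gives Boolean SQLi its name, so `response_differs` works as a regression test for any lookup function with the same signature.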

Fouad also explained the process of the attack in his blog.

Do you think your user privacy is maintained?