ID CVE-2010-1606 Type cve Reporter cve@mitre.org Modified 2017-08-17T01:32:00
Description
Multiple cross-site scripting (XSS) vulnerabilities in NCT Jobs Portal Script allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) Keywords, (3) Tags, or (4) Desired City field.
{"exploitdb": [{"lastseen": "2016-02-01T16:19:10", "bulletinFamily": "exploit", "description": "XSS and Authentication bypass in NCT Jobs Portal Script. CVE-2010-1604,CVE-2010-1606. Webapps exploit for php platform", "modified": "2010-04-24T00:00:00", "published": "2010-04-24T00:00:00", "id": "EDB-ID:12370", "href": "https://www.exploit-db.com/exploits/12370/", "type": "exploitdb", "title": "NCT Jobs Portal Script - XSS and Authentication Bypass", "sourceData": "# Exploit Title: XSS and Authentication bypass in NCT Jobs Portal Script\r\n# Date: 24-apr-2010\r\n# Author: Sid3^effects\r\n# Software Link: N/a\r\n# CVE : []\r\n# Code : [] ______________________________________________________________________________\r\n XSS and Authentication bypass in NCT Jobs Portal Script\r\n Vendor:http://www.ncrypted.net/\r\n ___________________________Author:Sid3^effects_________________________________\r\n \r\n\r\nDescription :\r\n\r\nNCT Jobs Portal script is a web product for running powerful and customized job portals. Be it a fresh site that you want to launch or be it for integration into your already existing website, NCT Jobs Portal is everything you need when it comes to job portal or business networking solution. Jobs Portal comes with a front-end and a back-end (Admin Panel). Admin Panel has a wide range of functions along with a CMS (Content Management System) which will easily enpower you to customize and manage your very own Jobs Portal.\r\n\r\nscript cost :$99 \r\n---------------------------------------------------------------------------\r\n\t* Authentication bypass:\r\n\r\n\tThe following script has authentication bypass in the admin login \r\n\r\n\tuse ' or 1=1 or ''=' in both login and password.\r\n\r\n---------------------------------------------------------------------------\r\n\t* XSS (cross site scripting ) :\r\n \r\n\tXSS is also found in the search field. \r\n\r\n Parameter Name: Keywords or Tags or Desired City\r\n Parameter Type: Querystring \r\n Attack Pattern: '\"--><script>alert(0x000872)</script> \r\n---------------------------------------------------------------------------\r\n\r\nShoutZ :\r\n------- \r\n ---Indian Cyber warriors--Andhra hackers-- \r\n\r\nGreetz :\r\n--------\r\n ---*L0rd \u00c7rusAd\u00ear*---d4rk-blu\u2122\u00ae [ICW]---R45C4L idi0th4ck3r---CR4C|< 008---M4n0j--", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/12370/"}]}