Vulners
Lucene search
SmartJobBoard 5.0.9 Cross Site Scripting / Information Disclosure
🗓️ 04 Apr 2017 00:00:00Reported by Patrick WebsterType 
packetstorm🔗 packetstormsecurity.com👁 351 Views
| Reporter | Title | Published | Views | Family All 186 |
|---|---|---|---|---|
 | Exploit for Argument Injection in Phpmailer_Project Phpmailer | 10 May 201712:01 | – | githubexploit |
| Exploit for Argument Injection in Phpmailer_Project Phpmailer | 26 Mar 202613:28 | – | githubexploit |
| Exploit for Argument Injection in Phpmailer_Project Phpmailer | 10 May 201703:18 | – | githubexploit |
| Exploit for Argument Injection in Phpmailer_Project Phpmailer | 9 Feb 201814:53 | – | githubexploit |
| Exploit for Argument Injection in Phpmailer_Project Phpmailer | 26 Dec 201613:39 | – | githubexploit |
 | PHPMailer 5.2.17 - Remote Code Execution Exploit | 26 Dec 201600:00 | – | zdt |
| PHPMailer < 5.2.18 Remote Code Execution Vulnerability | 26 Dec 201600:00 | – | zdt |
| PHPMailer 5.2.20 - Remote Code Execution Exploit | 28 Dec 201600:00 | – | zdt |
| PHPMailer 5.2.18 - Remote Code Execution (Python) Exploit | 29 Dec 201600:00 | – | zdt |
| PHPMailer Sendmail Argument Injection Exploit | 4 Jan 201700:00 | – | zdt |
10
`https://www.osisecurity.com.au/smartjobboard---cross-site-scripting-personal-information-disclosure-and-phpmailer-package.html
Date:
04-Apr-2017
Product:
SmartJobBoard
Versions affected:
v5.0.9 and below.
Vulnerability:
1) Cross-site scripting vulnerabilities in the following locations and
parameters:
/add-listing/ [proceed_to_posting parameter]
/add-listing/ [productSID parameter]
/add-listing/Resume/General/ [productSID parameter]
/add-listing/Resume/General/132 [Skills parameter]
/add-listing/Resume/General/132/* [URL injection]
/add-listing/Resume/General/132 [WorkExperience[WE_Description][1] parameter]
/my-listings/* [URL injection]
/registration/ [CompanyDescription parameter]
/change-password/ [username parameter]
/change-password/ [verification_key parameter]
2) Information disclosure.
Anyone can access other user's details, without authentication:
E.g. If your resume is /resume-preview/2/, you can request
/resume-preview/1/ and see someone else's email / phone / address.
3) The product sends emails using the PHPMailer package. The version
is shipped with v.5.1 which is vulnerable to
https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
Credit:
Discovered by Patrick Webster
Disclosure timeline:
01-Feb-2017 - Discovered during audit. Reported to vendor. Vendor
reports working on patch.
04-Apr-2017 - Public disclosure.
About OSI Security:
OSI Security is an independent network and computer security auditing
and consulting company based in Sydney, Australia. We provide internal
and external penetration testing, vulnerability auditing and wireless
site audits, vendor product assessments, secure network design,
forensics and risk mitigation services.
We can be found at http://www.osisecurity.com.au/
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Apr 2017 00:00Current
10High risk
Vulners AI Score10
EPSS0.94418