trabajando-xss.txt

2008-06-23T00:00:00
ID PACKETSTORM:67575
Type packetstorm
Reporter Ivan Sanchez
Modified 2008-06-23T00:00:00

Description

                                        
                                            `+==========================================================================+  
+ Powered by Trabajando.com & XSS Vulnerabilities +  
+==========================================================================+  
  
  
Author(s): Ivan Sanchez   
  
Product: ©Copyright 1999-2008. Powered by Trabajando.com  
  
Web: http://www.trabajando.com  
  
Versions: All versions  
  
Date: 21/06/2008  
  
  
The vendor knows about these vulnerabilities.  
  
Hundreds of sites under the "cl" domain (Chile) are vulnerable.  
  
  
GOOGLE DORKS:  
------------  
  
inurl:"CFTOKEN=" trabajando.com  
  
intitle:"Copyright 1999-2008. Trabajando.com."  
  
inurl:"verofertas.cfm?CFID="  
  
  
  
Internal Variables:  
-------------------  
  
File:  
-----   
http://.../../verOfertas.cfm  
  
Malicious XSS input supplied there allows remote code to be injected.  
  
  
variable = palabra (POST)  
variable = palabras (exploitable via the query string)  
  
  
Malicious XSS input supplied there allows remote code to be injected.  
  
File:  
-----  
http://.../../avanzados.cfm  
  
variable = palabrasa (exploitable via the query string)  
  
  
  
  
  
  
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!  
+==========================================================================+  
+ Powered by Trabajando.com & XSS Vulnerabilities +  
+==========================================================================+`
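
A defender-side check for the parameters listed in the advisory, added here as an example and not part of the original advisory: it scans web server access logs for requests to verOfertas.cfm and avanzados.cfm whose palabras / palabrasa query-string values decode to HTML or script markup. The combined log format, the /empleos/ path and the sample lines are constructed assumptions; the POST variable palabra does not appear in access logs and would need request-body logging.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Pages and query-string parameters named in the advisory (compared lowercase).
WATCHED = {"verofertas.cfm": {"palabras"}, "avanzados.cfm": {"palabrasa"}}

# Markup that has no place in a keyword search: tags, event handlers, script URLs.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z!]|\bon\w+\s*=|javascript\s*:", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo repeated URL-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_xss_probes(log_lines):
    """Return (line_number, page, parameter, decoded_value) for each suspicious hit."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        page = url.path.rsplit("/", 1)[-1].lower()
        watched = WATCHED.get(page)
        if not watched:
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            value = decode_fully(value)  # parse_qsl already decoded one layer
            if name.lower() in watched and SUSPICIOUS.search(value):
                hits.append((number, page, name.lower(), value))
    return hits

# Constructed sample log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Jun/2008:10:00:01 -0400] "GET /empleos/verOfertas.cfm?CFID=1&CFTOKEN=2&palabras=contador HTTP/1.1" 200 5120',
    '198.51.100.7 - - [23/Jun/2008:10:00:05 -0400] "GET /empleos/verOfertas.cfm?palabras=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5301',
    '198.51.100.7 - - [23/Jun/2008:10:00:09 -0400] "GET /empleos/avanzados.cfm?palabrasa=%2522%253E%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 4800',
    '192.0.2.44 - - [23/Jun/2008:10:01:00 -0400] "GET /empleos/avanzados.cfm?palabrasa=ingeniero+civil HTTP/1.1" 200 4711',
]

if __name__ == "__main__":
    for hit in find_xss_probes(SAMPLE_LOG):
        print(hit)
```

Hits from this scan show where markup reached the search parameters; the underlying fix remains HTML-encoding those values before the pages echo them back.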